lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 24 Jan 2007 06:43:16 -0000
From: Advisory@...a-Security.Net
To: bugtraq@...urityfocus.com
Subject: [Aria-Security Team] MyBB Cross-Site Scripting

#Aria-Security Team
#http://Aria-Security.com
#http://www.aria-security.com/forum/showthread.php?p=144
#Contact: Advisory@...a-security.com
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: MyBB
#
#Explanation:
First of all user must be REGISTERED and authorized
- Go to http://target/mybbpath/private.php
- Inster your xss code for Subject
- Press Preview

Powered by blists - more mailing lists