Date: Wed, 13 Apr 2016 14:01:40 GMT
From: iedb.team@...il.com
To: bugtraq@...urityfocus.com
Subject: Mybb Cms (create forum and edit) Cross-Site Script Vulnerability

XSS vulnerability in MyBB, all versions
Tested on 1.6.18 and 1.8.7
pic of bug : http://kkli.ir/tZa6l

#####################################

#         Iranian Exploit DataBase

# Mybb Cms (create forum Page) Cross-Site Script Vulnerability

# Vulnerability : xss Vulnerability

# Vulnerability on : (create forum Page And Edit Forum)

# Version : 1.6* and 1.8.*

# tested : 1.6.18 and 1.8.7

# Vendor site : http://mybb.com/

# pic : http://kkli.ir/K9dwT

# Author : IeDb.Ir

# Site : Www.IeDb.Ir   -   Www.IeDb.Ir/acc   -   xssed.Ir   -   kkli.ir

# Vulnerability attack information site : http://xssed.Ir/

# Archive Exploit = http://kkli.ir/tZa6l

#####################################

# Bug :

http://www.site.com/mybb/admin/index.php?module=forum-management

-----------------------------


# Description :

First, log in to the control panel with your admin user.
Then go to Forums & Posts.
Then click on Add Forum.
Create your community and forum.
Then go into that section and click on Edit Profile.

pic : http://kkli.ir/NYHS7

After getting into the community and forum edit form,
you can put your XSS code there, for the forum as well as for forums.

pic : http://up.iedb.ir/uploads/mybb-bug3.jpg

Then we save the association that was made.
Then we just go to it while logged in.
As you can see, your XSS code is executed.

pic : http://kkli.ir/1pDlv

Using this bug and security problem, with a small program you can steal the cookies of users who come to this forum.

The bug works in all versions and is a medium-severity security problem.

--------------

Exploit is private.
The exploit only to send the news and is also in the process of this vulnerability.
To request exploits, stay tuned with us:

http://iedb.ir

http://iedb.ir/acc/

http://irist.ir

http://xssed.ir

email : iedb.team@...il.com

Thanks to : all members of Iedb.ir and Iedb.ir/acc, and all the other friends who are associated with our team.

#####################################

#  Archive Exploit = http://iedb.ir/exploits-5031.html

#####################################
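
The forum fields described above are stored and later rendered to logged-in users, so the defensive fix is output encoding at render time. The PHP sketch below is an added example, not MyBB code and not code from this advisory; the row layout, function names and sample rows are constructed assumptions. It contrasts unescaped and escaped rendering of a forum name and adds an audit pass that flags stored fields containing markup.

```php
<?php
// Added illustration; not MyBB source. Function and field names are hypothetical.

// Constructed sample rows standing in for stored forum records.
$forums = [
    ['fid' => 1, 'name' => 'General', 'description' => 'Talk about anything'],
    ['fid' => 2, 'name' => '<script>alert(1)</script>', 'description' => 'News'],
    ['fid' => 3, 'name' => 'Support', 'description' => '<img src=x onerror=alert(1)>'],
];

// Escape on output so stored markup is displayed as text, never parsed as HTML.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into the page unchanged.
function render_forum_unsafe(array $f): string
{
    return '<a href="forumdisplay.php?fid=' . $f['fid'] . '">' . $f['name'] . '</a>';
}

// Hardened pattern: integer cast for the id, HTML escaping for the text.
function render_forum_safe(array $f): string
{
    return '<a href="forumdisplay.php?fid=' . (int) $f['fid'] . '">' . esc($f['name']) . '</a>';
}

// Audit helper: report rows whose text fields strip_tags() would alter,
// which means they contain something that parses as an HTML tag.
function find_markup(array $rows, array $fields = ['name', 'description']): array
{
    $hits = [];
    foreach ($rows as $row) {
        foreach ($fields as $field) {
            if (strip_tags($row[$field]) !== $row[$field]) {
                $hits[] = ['fid' => $row['fid'], 'field' => $field];
            }
        }
    }
    return $hits;
}

foreach ($forums as $f) {
    echo render_forum_safe($f), PHP_EOL;   // markup appears as inert text
}
print_r(find_markup($forums));             // flags fid 2 (name) and fid 3 (description)
```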
