MYBB VERSION 1.3 MANY SITES USE THIS SHIT EVEN THE POPULAR ONES !!TESTED!!

[mesvak 380]

[hide]

 

 

# Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS
# Date: 3/15/2018
# Author: 0xB9
# Version: v1.3
# Tested on: Ubuntu 17.10


1. Description:
When editing a thread the user is given to the option to convert the thread to a link.


2. Proof of Concept:

Persistent XSS
- Edit a thread or post you've made
- At the bottom of the edit page in the Thread Link box input the following ">
- Now visit the forum your thread/post exists in to see the alert.

 

 

 

 

[/hide]

 

 

SOLUTION

 

[hide]

 

 

 

 

Patch in line 83:
$thread['tlink'] = ($thread['tlink']);

to

$thread['tlink'] = htmlspecialchars_uni($thread['tlink']);
           

 

 

[/hide]

 

 

 

Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD     

[Ahmad786 8]

thnx man good job

[DanDeni 2]

let me see this

[darkrick1 3]

you the best bro tnx

[GradiNITA 3]

you the best bro tnx

[ramzi410 3]

MYBB VERSION 1.3 MANY SITES USE THIS SHIT EVEN THE POPULAR ONES !!TESTED!!

[jayx420 1]

cant wait to check this out

[aktox 2]

good job dude thx u

[4ph4 1]

WOOOOOOOOOOOOW THANKSS BROOOO VERY MUCH??????

[Bestsadi 0]

Great job dude thanks

[RandyBCZ 1]

 

 

 

 

Ahora la mierda XD  No te  olvides de lib  una  como  todos los creds  va  a mesvak cz i  soy el  de  que los está descargando XD        

 

Is incredible your work men

[ezzuldin 1]

Thanks man!!

[mikepeterson 3]

Thanks man for the effort

[samorog 0]

dgda gdaga sdga gdgadgaga

[anonghost 4]

:fyou: :fyou: :fyou: :fyou: :fuck: :fuck:

[b@tman 2]

 

 

 

 

Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD     

 

thx manhood work :monkas: