mesvak

MYBB VERSION 1.1 XSS BUG ASS !TESTED!

[hide]

# Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting
# Date: 4/20/2018
# Author: Mesvak
# Version: 1.1
# Tested on: Ubuntu 17.10


1. Description:
Adds a new section to user profiles that will display their last posts.


2. Proof of Concept:

Persistent XSS
- Create a thread with the following subject 
- Now visit your profile to see the alert.

[/hide]

SOLUTION

[hide]

$d['tsubject'] = htmlspecialchars_uni($d['tsubject']);

[/hide]

Now fuck off XD Don't forget to lib like all creds goes to mesvak cz I'm the one who is leeching them XD

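The fix quoted in the post above encodes the thread subject before the plugin prints it on the profile page. The following is an added example, not part of the original post or the plugin's code, that renders one row without and with that encoding; the function names, row shape, link markup and sample subjects are assumptions, and PHP's htmlspecialchars() stands in for MyBB's htmlspecialchars_uni() so the script runs without MyBB.

```php
<?php
// Added example; not the plugin's code. Only the 'tsubject' key and the
// htmlspecialchars_uni() call come from the post. Everything else is assumed.

// Stand-in for MyBB's htmlspecialchars_uni() so this runs without MyBB.
function escape_subject(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before the fix: the stored subject is concatenated into the markup as-is.
function render_row_unescaped(array $d): string
{
    return '<td><a href="showthread.php?tid=' . (int) $d['tid'] . '">'
        . $d['tsubject'] . '</a></td>';
}

// After the fix: the subject is encoded at output time, then rendered.
function render_row_escaped(array $d): string
{
    $d['tsubject'] = escape_subject($d['tsubject']);
    return render_row_unescaped($d);
}

// Regression check: the template contributes exactly four tags
// (<td>, <a>, </a>, </td>); anything more came from the subject.
function has_injected_markup(string $html): bool
{
    return substr_count($html, '<') !== 4;
}

// Constructed sample rows (hypothetical thread ids and subjects).
$rows = [
    ['tid' => 101, 'tsubject' => 'Plain subject'],
    ['tid' => 102, 'tsubject' => 'Markup <i>in</i> a "subject" & more'],
];

foreach ($rows as $d) {
    foreach (['render_row_unescaped', 'render_row_escaped'] as $render) {
        $html = $render($d);
        printf("%-22s injected=%s  %s\n", $render,
            has_injected_markup($html) ? 'yes' : 'no', $html);
    }
}
```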

thanks dude let me see
