mesvak 362 [hide] # Exploit Title: MyBB Thank Like Plugin 3.0.0 - XSS # Date: 10/3/2018 # Author: Mesvak # Version: 3.0.0 # Tested on: KALI # CVE: CVE-2018-14888 1. Description: This plugin allows users to thank/like other users threads/posts. In user profiles it shows your most liked post/thread, the post/thread subjects aren't sanitized to user input. 2. Proof of Concept: - Use the following as the post/thread subject - Get that post/thread liked by another user (or you) - Visit your profile to see alert. [/hide] soLUTION IS UPDATING TO NEW VERSION OF ASS Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD Quote Share this post Link to post Share on other sites
pass2019 3 lets check it out and see if it works Quote Share this post Link to post Share on other sites
charles15151 3 soLUTION IS UPDATING TO NEW VERSION OF ASS Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD Wait so how does this work? Im new to this. Quote Share this post Link to post Share on other sites
punahin 1 ahaaa i finally found thiss tool thnks Quote Share this post Link to post Share on other sites