MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
Invalid characters removed from From: o.y.6@xxxxxxxxxxx, |@securityfocus.com,
## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
## ##
## devil-00@xxxxxx ##
## ##
##-----------------------------###
##
## File :- usercp2.php
## Var :- $url
## Line's :-
## -> 39
## -> 58
## -> 84
## -> 108
## -> 130
## -> 149
## -> 164
## -> 178
## -> 192
###################################
##
## Exploit :-
##-------------------------------------------------------------##
[ Go to any topic .. then go to the end of the page ]
[ you will see " Add Thread to Favorites " ]
[ open the firefox with Live HTTP Headers ]
[ and click it .. go to Headers Edit ]
[ edit Referer :- "><script>alert(document.cookie);</script> ]
##-------------------------------------------------------------##
##
## Gr33tz :- www.securitygurus.net
BlackRay <- my new homei
HACKERS PAL
Valm0nt
Abducter
j7a
abdalmaged
Xion
And Others [ S4a Members with SG Members ]
** chow **