MyBB 1.10 New XSS ' member.php '

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyBB 1.10 New XSS ' member.php '
From: o.y.6@xxxxxxxxxxx
Date: 12 Apr 2006 22:05:19 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
        1- Logout
    2- Open Firefox
    3- Use [ Live HTTP Headers ]
    4- Do Register
    5- Agree It
    6- Edit Cookies By Live HTTP Headers
    7- Add This Cookies :D
        mybb[referrer]="></input><b>HTML</b><input>;

//-- FixIT --//

        Open member.php
    GoTo Line :- 595 ..


                $referrername = $_COOKIE['mybb']['referrer'];


        Replace It With

                $referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//

Prev by Date: Recon 2006: speaker lineup announcement
Next by Date: Re: Confixx 3.1.2 <= SQL Injection
Previous by thread: Recon 2006: speaker lineup announcement
Next by thread: QuickBlogger v1.4 Cross-Site Scripting
Index(es):
- Date
- Thread