<<< Date Index >>>     <<< Thread Index >>>

MyBB 1.10 New XSS ' member.php '



//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
        1- Logout
    2- Open Firefox
    3- Use [ Live HTTP Headers ]
    4- Do Register
    5- Agree It
    6- Edit Cookies By Live HTTP Headers
    7- Add This Cookies :D
        mybb[referrer]="></input><b>HTML</b><input>;

//-- FixIT --//

        Open member.php
    GoTo Line :- 595 ..


                $referrername = $_COOKIE['mybb']['referrer'];


        Replace It With

                $referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//