[Aria-Security Team] MyBB Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Aria-Security Team] MyBB Cross-Site Scripting
From: Advisory@xxxxxxxxxxxxxxxxx
Date: 24 Jan 2007 06:43:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#Aria-Security Team
#http://Aria-Security.com
#http://www.aria-security.com/forum/showthread.php?p=144
#Contact: Advisory@xxxxxxxxxxxxxxxxx
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: MyBB
#
#Explanation:
First of all user must be REGISTERED and authorized
- Go to http://target/mybbpath/private.php
- Inster your xss code for Subject
- Press Preview

Prev by Date: Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability
Next by Date: Toxiclab Shoutbox Password Disclosure Vulnerability
Previous by thread: [USN-413-1] BlueZ vulnerability
Next by thread: Toxiclab Shoutbox Password Disclosure Vulnerability
Index(es):
- Date
- Thread