|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Aria-Security Team] MyBB Cross-Site Scripting
Advisory
Aria-Security.Net
Date: Wed Jan 24 2007 - 00:43:16 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#Aria-Security Team
#http://Aria-Security.com
#http://www.aria-security.com/forum/showthread.php?p=144
#Contact: Advisoryaria-security.com
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: MyBB
#
#Explanation:
First of all user must be REGISTERED and authorized
- Go to http://target/mybbpath/private.php
- Inster your xss code for Subject
- Press Preview
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]