Hi, I didn't update the blog for some time as I was busy with some other stuff, but from now onward some cool stuff is coming soon which I found but didn't publish.
MyBB XSS: some days back I found an advisory for an XSS in search.php.
Reference : http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/
After reading the article and reviewing the code a little, I found that the same type of function was coded for searching private messages.
So I fuzzed the same input strings which were used by the author in search.php and found private.php also vulnerable to XSS.
Function: privatemessage_perform_search_mysql
Defined in: /inc/function_search.php
Called in: private.php
private.php
POST parameter: keywords
Data: <script>alert(/Saadi/)</script>qor'("\2a</script>
P0c
Moreover, MyBB 1.8 alpha is also vulnerable on private.php.
So this is it for today ;)
#Independent Pakistani Security Researcher