MyBB 1.10 New XSS ' member.php ' - vulnerability database | Vulners.com
Securityvulns SECURITYVULNS:DOC:12217
Apr 14, 2006 - 12:00 a.m.

MyBB 1.10 New XSS ' member.php '


//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
1- Logout
2- Open Firefox
3- Use [ Live HTTP Headers ]
4- Do Register
5- Agree It
6- Edit Cookies By Live HTTP Headers
7- Add This Cookies :D
mybb[referrer]="></input><b>HTML</b><input>;

//-- FixIT --//

    Open member.php
    GoTo Line :- 595 ..

            $referrername = $_COOKIE['mybb']['referrer'];

    Replace It With

            $referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//
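
The fix above, shown as an added example that is not MyBB code or part of the original advisory: it renders the cookie value from the advisory into a form field before and after escaping. The `<input>` template and the function names are assumptions; `ENT_QUOTES` and the string check go beyond the one-line fix to cover single-quoted attributes and array-valued cookies.

```php
<?php
// Added example, not MyBB source. The <input> template and function names
// are hypothetical; only the cookie key mybb[referrer] comes from the advisory.

// Constructed sample: the cookie value from the advisory, shaped like $_COOKIE.
$cookie = ['mybb' => ['referrer' => '"></input><b>HTML</b><input>;']];

// Before the fix: the cookie value goes into the attribute unescaped,
// so the leading "> closes the attribute and the tag.
function render_unescaped(array $cookie): string
{
    $referrername = $cookie['mybb']['referrer'] ?? '';
    return '<input type="text" name="referrername" value="' . $referrername . '" />';
}

// After the fix: escape for an HTML attribute context.
function render_escaped(array $cookie): string
{
    $referrername = $cookie['mybb']['referrer'] ?? '';
    // A cookie named mybb[referrer][] arrives as an array; treat it as empty.
    if (!is_string($referrername)) {
        $referrername = '';
    }
    // ENT_QUOTES also encodes single quotes, which matters when a template
    // delimits the attribute with '...' instead of "...".
    return '<input type="text" name="referrername" value="'
        . htmlspecialchars($referrername, ENT_QUOTES, 'UTF-8') . '" />';
}

echo render_unescaped($cookie), PHP_EOL;
echo render_escaped($cookie), PHP_EOL;

// Check: after escaping, the only tag left in the output is the input itself.
if (substr_count(render_escaped($cookie), '<') !== 1) {
    throw new RuntimeException('cookie value still produces markup');
}
```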