.: Dee Personal Blog :.

Subtitle

Blog

MyBB Username Style Persistent XSS Vulnerability

Posted by Root on August 22, 2011 at 10:50 AM

 

 

================================================

MyBB Username Style Persistent XSS Vulnerability

================================================

:-------------------------------------------------------------------------------------------------------------------------:

: # Exploit Title : MyBB Username Style Persistent XSS Vulnerability

: # Date : 22 August 2011

: # Author : X-Cisadane

: # Software Link : http://www.mybb.com/downloads

: # Version : 1.6.4

: # Category : Web Applications

: # Vulnerability : Persistent XSS

: # Tested On : Chromium Web Browser v13 (Linux Ubuntu)

: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari

:-------------------------------------------------------------------------------------------------------------------------:


# Description : By creating or editing Username Style with this XSS code, can cause a Persistent XSS Defacing on the Main Page/Portal Page.

 


# XSS Code

<script>document.body.innerHTML="<h1>XSSed</h1>This Site Has XSSed By : X-Cisadane";</script> {username}


# Begin

[1] Login As An Administrator.

[2] Go To http://your MyBB Forum/admin/index.php?module=user-groups&action=edit&gid=4

Default gid (Group Id) = 1 (Guests), 2 (Registered), 3 (Super Moderators), 4 (Administrators), etc

[3] Edit User Group, Insert XSS Code In The Username Style.




[4] Save User Group.

[5] Go To Your Index Page Or Portal Page Or Go To http://your MyBB Forum/admin/index.php?module=user

Categories: Exploit

Post a Comment

Oops!

Oops, you forgot something.

Oops!

The words you entered did not match the given text. Please try again.

Already a member? Sign In

0 Comments