Lucene search
0xB9EDB-ID:45393HistorySep 12, 2018 - 12:00 a.m.
MyBB 1.8.17 - Cross-Site Scripting
2018-09-1200:00:00
0xB9
www.exploit-db.com
14
0.015 Low
EPSS
Percentile
86.8%
# Exploit Title: MyBB 1.8.17 - Cross-Site Scripting
# Date: 2018-08-11
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://mybb.com/download/
# Version: 1.8.17
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-15596
# 1. Description:
# On the forum RSS Syndication page you can generate a URL for example...
# http://localhost/syndication.php?fid=&type=atom1.0&limit=15, the thread titles on
# those generated links aren't sanitized.
# 2. Proof of Concept:
- Make or find a thread of yours on the RSS feed
- Use this payload as the thread title <a href="//google.com">Cool Thread Title</a>
- View RSS feed with your thread again but with the generated URL and click on your thread
- When the thread is clicked you will be redirected to google.comRelated
exploitpack
exploitpack
MyBB 1.8.17 - Cross-Site Scripting
2018-09-12 00:00:00
packetstorm
packetstorm
MyBB 1.8.17 Cross Site Scripting
2018-09-12 00:00:00
cve
cve
CVE-2018-15596
2018-08-28 19:29:00
zdt
zdt
MyBB 1.8.17 - Cross-Site Scripting Vulnerability
2018-09-16 00:00:00
openvas
openvas
myBB <= 1.8.17 XSS Vulnerability
2018-08-31 00:00:00
cvelist
cvelist
CVE-2018-15596
2018-08-28 19:00:00
prion
prion
Cross site scripting
2018-08-28 19:29:00