Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormVipVincePACKETSTORM:118706
HistoryDec 08, 2012 - 12:00 a.m.

MyBB Kingchat Cross Site Scripting

2012-12-0800:00:00
VipVince
packetstormsecurity.com
11
JSON
`Exploit Title: MyBB 'kingchat' chat-box plugin.  
Google Dork: inurl:/kingchat.php?  
Date: 8/12/12  
Author: VipVince  
Vendor Homepage: http://mods.mybb.com/  
Software LinK: http://mods.mybb.com/view/kingchat  
Tested on: Windows  
  
Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin.  
  
Note *Registration on the forums is required* for persistent XSS to work.  
  
Now click a random forum with this plugin installed and you will see this:  
  
http://vulnforum.com/kingchat.php?notic  
  
Remove 'notic' at the end of the URL and add "chat=2&1=2" to our query so it becomes:  
  
http://server/kingchat.php?chat=2&l=2  
  
You will see the vulnerable chat box :). Submit your XSS for instance <script>alert("vipvince")</script>  
  
Now to see our saved JavaScript alert go to:  
  
http://server/kingchat.php?chat=2&l=2&message=  
  
Your persistant XSS will be stored here.  
  
Enjoy ;). VipVince.  
  
`
JSON