Reported 17 Aug 2006 by Aliaksandr Hartsuyeu. Source: packetstorm (packetstormsecurity.com)

New eVuln Advisory: MyBB 'Avatar URL' XSS Vulnerability, Versions: 1.1.6 and earlier, Critical Level: Moderate, Type: Cross-Site Scripting, Unpatched, PoC/Exploit available, Solution available


```text
New eVuln Advisory:
MyBB 'Avatar URL' XSS Vulnerability
http://evuln.com/vulns/132/summary.html

--------------------Summary----------------
eVuln ID: EV0132
Vendor: MyBB Group
Vendor's Web Site: http://www.mybboard.com/
Software: MyBB
Software's Web Site: http://www.mybboard.com/
Versions: 1.1.6 and earlier
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Every user is able to edit his avatar URL. The avatar URL is not properly sanitized, so arbitrary web script can be posted by inserting a 'Tab' character into the scheme.

--------------PoC/Exploit----------------------

Example of XSS:

Avatar URL:
javasc ript:alert(123)
(using a 'Tab' character to split the word 'script')

--------------Solution---------------------
A solution is available at the vendor's web site:

Upgrade your copy of MyBB to version 1.1.7.

http://www.mybboard.com/

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
```
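The advisory's point is that a prefix blacklist on the stored avatar URL is defeated because browsers discard an ASCII Tab inside the scheme before interpreting it. The following added example (written for this page, not MyBB's own code) contrasts such a blacklist with a validator that canonicalises the URL the way a browser does and then allowlists the scheme; the sample URLs and the `SAMPLES` table are constructed, and the only payload shown is the Tab-split one from the advisory.

```python
import re
from urllib.parse import urlsplit

# Constructed sample avatar URLs. True = acceptable as an image source, False = must be rejected.
SAMPLES = {
    "http://example.com/avatar.png": True,
    "https://example.com/me.gif?size=80": True,
    "javascript:alert(123)": False,
    "javasc\tript:alert(123)": False,           # the advisory's Tab-separated scheme
    "JAVAscript:alert(123)": False,             # scheme matching must be case-insensitive
    "\x01\x20http://example.com/x.png": True,   # leading C0 control and space are trimmed by browsers
    "data:text/plain,hello": False,             # any non-http(s) scheme is rejected
    "example.com/x.png": False,                 # no scheme at all: reject rather than guess
}

def naive_is_safe(url: str) -> bool:
    """Blacklist of the kind the advisory defeats: only the literal prefix is checked."""
    return not url.lower().startswith("javascript:")

def canonicalize(url: str) -> str:
    """Apply the normalisation a browser applies before reading the scheme:
    drop ASCII tab/LF/CR anywhere, then trim leading/trailing C0 controls and spaces."""
    url = re.sub(r"[\t\n\r]", "", url)
    return url.strip("".join(chr(c) for c in range(0x21)))

def hardened_is_safe(url: str) -> bool:
    """Allowlist: after canonicalisation the scheme must be http or https and a host must exist.
    HTML output encoding alone does not help here, since javascript: is a valid src= value."""
    parts = urlsplit(canonicalize(url))
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)

def misclassified(validator) -> list:
    """URLs on which the validator disagrees with the expected verdict."""
    return [u for u, ok in SAMPLES.items() if validator(u) != ok]

if __name__ == "__main__":
    print("naive filter misses:   ", misclassified(naive_is_safe))
    print("hardened filter misses:", misclassified(hardened_is_safe))
```

The same check belongs both where the avatar URL is saved and where it is rendered, so a value that slipped into the database earlier is still refused at output time.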
