[myimei]MyBB 1.0.2 XSS attack in search.php

Type securityvulns
Reporter Securityvulns
Modified 2006-02-08T00:00:00


original advisory: http://myimei.com/security/2006-01-14-mybb-102searchphpxss-attackandmore/index.html

—————-Summary—————- Software: MyBB Sowtware’s Web Site: http://mybboard.com Versions: 1.0.2 Class: Remote Status: patched in 1.0.3 Exploit: Available Solution: Available Discovered by: imei Risk: low —————–Description————— mybb has a security bug that allows hacker to know that what is the table perfix value in database also can perform a XSS attack. bug is in result of leaving some unneeded codes in search.php file. ————–Exploit———————- go to this url in forum search.php?s=de1aaf9b&action=do_search&keywords=%3Cscript%3E alert(1)%3C/script%3E&srchtype=3 ————–Solution——————— No Patch available. (bug reported to vendor today) ————–Credit———————– Discovered by: imei addmimistrator addmimistrator[4]gmail[O]com www.myimei.com security.myimei.com