Lucene search
0xB91337DAY-ID-30475HistoryMay 29, 2018 - 12:00 a.m.
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Vulnerability
2018-05-2900:00:00
0xB9
0day.today
26
EPSS
0.001
Percentile
45.3%
Exploit for php platform in category web applications
# Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1125
# Version: 1.0.2
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-11532
1. Description:
This plugin displays advanced statistics on the index page such as latest posts with auto refresh using AJAX.
2. Proof of Concept:
Create a new thread with the following payload as the title <svg onload=alert('XSS')>
The alert will appear on the index page
3. Solution:
Update to the latest release
# 0day.today [2018-05-29] #Related
exploitpack
exploitpack
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
2018-05-29 00:00:00
prion
prion
Cross site scripting
2018-05-29 07:29:00
nvd
nvd
CVE-2018-11532
2018-05-29 07:29:00
packetstorm
packetstorm
MyBB 1.6.x ChangUonDyU Chatbox 3.6.0 Cross Site Scripting
2019-02-25 00:00:00
MyBB ChangUonDyU 1.0.2 Cross Site Scripting
2018-05-29 00:00:00
exploitdb
exploitdb
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
2018-05-29 00:00:00
cvelist
cvelist
CVE-2018-11532
2018-05-29 07:00:00
cve
cve
CVE-2018-11532
2018-05-29 07:29:00