Invalid characters removed from From: o.y.6@xxxxxxxxxxx, |@securityfocus.com, ## MyBB 1.02 usercp2.php XSS ##------------------------------## ## Devil-00 D3vil-0x1 - Attacking MyBB :)## ## ## ## devil-00@xxxxxx ## ## ## ##-----------------------------### ## ## File :- usercp2.php ## Var :- $url ## Line's :- ## -> 39 ## -> 58 ## -> 84 ## -> 108 ## -> 130 ## -> 149 ## -> 164 ## -> 178 ## -> 192 ################################### ## ## Exploit :- ##-------------------------------------------------------------## [ Go to any topic .. then go to the end of the page ] [ you will see " Add Thread to Favorites " ] [ open the firefox with Live HTTP Headers ] [ and click it .. go to Headers Edit ] [ edit Referer :- "><script>alert(document.cookie);</script> ] ##-------------------------------------------------------------## ## ## Gr33tz :- www.securitygurus.net BlackRay <- my new homei HACKERS PAL Valm0nt Abducter j7a abdalmaged Xion And Others [ S4a Members with SG Members ] ** chow **
