MyBB 1.10 New XSS ' member.php '

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
	1- Logout
    2- Open Firefox
    3- Use [ Live HTTP Headers ]
    4- Do Register
    5- Agree It
    6- Edit Cookies By Live HTTP Headers
    7- Add This Cookies :D
    	mybb[referrer]="></input><b>HTML</b><input>;

//-- FixIT --//

	Open member.php
    GoTo Line :- 595 ..


		$referrername = $_COOKIE['mybb']['referrer'];


        Replace It With

		$referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux