MyBB 1.10 New XSS ' member.php '



//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
    1- Log out
    2- Open Firefox
    3- Use [ Live HTTP Headers ]
    4- Start registration
    5- Agree to it
    6- Edit the cookies with Live HTTP Headers
    7- Add this cookie:
        mybb[referrer]=">HTML;

//-- FixIT --//

    Open member.php
    Go to line 595:

        $referrername = $_COOKIE['mybb']['referrer'];

    Replace it with:

        $referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//
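
The fix above, shown as an added example that is not part of the original advisory or of MyBB's code: the cookie value rendered into a form field without and with output encoding. The `<input>` template, the function names and the sample cookie value are assumptions made for illustration; the hardened variant goes slightly beyond the one-line fix by passing ENT_QUOTES and rejecting non-string cookie values.

```php
<?php
// Added illustration, not MyBB source. The <input> template and the function
// names are hypothetical; the cookie key mybb[referrer] is from the advisory.

// Unpatched pattern: the cookie value reaches the markup unchanged.
function referrer_field_raw(array $cookies): string
{
    $referrername = $cookies['mybb']['referrer'] ?? '';
    return '<input type="text" name="referrername" value="' . $referrername . '" />';
}

// Patched pattern: encode at output. ENT_QUOTES also encodes single quotes,
// so the value stays inside the attribute whichever quote style a template uses.
function referrer_field_escaped(array $cookies): string
{
    $referrername = $cookies['mybb']['referrer'] ?? '';
    // A request can send mybb[referrer][]=x, which PHP parses into an array;
    // treat any non-string value as empty instead of passing it on.
    if (!is_string($referrername)) {
        $referrername = '';
    }
    $safe = htmlspecialchars($referrername, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="referrername" value="' . $safe . '" />';
}

// Constructed sample cookie: a harmless marker that closes the attribute.
$cookies = ['mybb' => ['referrer' => '"><b>marker</b>']];

// Raw: the quote ends the value attribute and <b> becomes live markup.
echo referrer_field_raw($cookies), PHP_EOL;

// Escaped: quote and angle brackets are emitted as entities and stay text.
echo referrer_field_escaped($cookies), PHP_EOL;
```

Comparing the two output lines shows why the encoding has to happen where the value is written into HTML: the cookie is fully client-controlled, so nothing upstream can be trusted to have cleaned it.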


