bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49500.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

17 lines
No EOL
599 B
Text
Raw Permalink Blame History

# Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
# Date: 1/25/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://github.com/vintagedaddyo/MyBB_Plugin-Delete_Account/
# Version: 1.4
# Tested on: Windows 10
1. Description:
This plugin allows users to delete their account. Giving a reason for deleting your account is vulnerable to XSS.
2. Proof of Concept:
- Go to User CP -> Delete Account
- Input a payload for delete account reason <script>alert('XSS')</script>
Payload will execute here.. admin/index.php?module=user-deleteaccount
Reference in a new issue View git blame Copy permalink