bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44795.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

25 lines
No EOL
632 B
Text
Raw Blame History

# Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting
# Date: 5/25/2018
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1125
# Version: 1.0.2
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-11532
1. Description:
This plugin displays advanced statistics on the index page such as latest posts with auto refresh using AJAX.
2. Proof of Concept:
Create a new thread with the following payload as the title <svg onload=alert('XSS')>
The alert will appear on the index page
3. Solution:
Update to the latest release
Reference in a new issue View git blame Copy permalink