MyBB1.0.4
member.php~XSS after login
-------
[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login
KAPDA New advisory
--------Summary--------
Software: MyBB
Sowtware?s Web Site: http://www.mybboard.com
Versions: 1.0.3
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: high
-------Description-------
There is a security bug in MyBB 1.0.4 software (latest version fully patched) that allows attacker performe an XSS attack. bug is in result of unsentizing quotation and < & > characters for "url"parameter.
Bug is in member.php file while redirecting after loging in.
-------Exploit-------
/mybb/member.php?action=do_login&username=imei
&password=doyouneedmine&url="><script>alert(1)</script><!--
-------Solution-------
Upgrade to vendore provided patch.
Credit :
--------------------
Discovered by imei addmimistrator
imei(4}kapda(O}ir
addmimistrator(4}gmail(O}com
www.myimei.com
Computer Security Science Researchers Institute
[http://www.KAPDA.ir]