[MyBB 1.6.9]Reflected XSS in ModCP 02-19-2013, 12:33 AM
#1
Hi!
So I've discovered a XSS vulnerability in MyBB. The vulnerability affects version 1.6.9 (newest release at the date of writing this thread - 19.2.2013) and possibly all previous versions too.
In the following link, you will find an example of the exploit and also a way to patch it.
I have contacted MyBB and the official fix will be released in the next version (1.6.10).
http://blog.1llusion.info/2013/02/mybb-1...vious.html
Have a nice day!
So I've discovered a XSS vulnerability in MyBB. The vulnerability affects version 1.6.9 (newest release at the date of writing this thread - 19.2.2013) and possibly all previous versions too.
In the following link, you will find an example of the exploit and also a way to patch it.
I have contacted MyBB and the official fix will be released in the next version (1.6.10).
http://blog.1llusion.info/2013/02/mybb-1...vious.html
Have a nice day!
Staff will never ever ask you for your personal information.
We know everything about you anyway.
We know everything about you anyway.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)