Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] XSS Possibility when you posting a new announcement [C-Chris]
#1
To do this you must have admin permission. When you post a new announcement you'll insert a script string in the Title Input
ex: <script>alert("Hi")</script>
After that you post a new announcement it'll appair an alert. In user side this bug hasn't effect but in admin side yes. We'll insert a cookie stealing process and so to steal the founder account.

I hope you'll repair this bug
Hi,
Ketto93
_______________________
MyBB Italian Lover


Messages In This Thread
[F] XSS Possibility when you posting a new announcement [C-Chris] - by ketto93 - 12-10-2008, 05:21 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)