Re: “Cross-Site Scripting” vulnerability in MyBB 1.4.5
From: Andrew Farmer <andfarm () gmail com>
Date: Sun, 3 May 2009 14:19:39 -0700
On 03 May 09, at 05:01, Jacques Copeau wrote:
> Advisory : “Cross-Site Scripting” vulnerability in MyBB
> The XSS renders in all browsers and on various pages inside the myBB
> We consider it to be particularly grave, as it renders on the ACP
> page; this can be easily exploited to construct a universal CSRF
> that introduces malicious php code into the script.
So, er, is this vulnerability XSS, CSRF, or RCE? Pick one and stick
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/