Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software LinK: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin. Note *Registration on the forums is required* for persistent XSS to work. Now click a random forum with this plugin installed and you will see this: http://vulnforum.com/kingchat.php?notic Remove 'notic' at the end of the URL and add "chat=2&1=2" to our query so it becomes: http://server/kingchat.php?chat=2&l=2 You will see the vulnerable chat box :). Submit your XSS for instance <script>alert("vipvince")</script> Now to see our saved JavaScript alert go to: http://server/kingchat.php?chat=2&l=2&message= Your persistant XSS will be stored here. Enjoy ;). VipVince.Брой прочитания на тази страница: 1630
MyBB KingChat Plugin Persistent XSS