[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MyBB KingChat Plugin Persistent XSS Vulnerability

Author
VipVince
Risk
[
Security Risk High
]
0day-ID
0day-ID-19930
Category
web applications
Date add
09-12-2012
Platform
php
Exploit Title: MyBB 'kingchat' chat-box plugin.
Google Dork: inurl:/kingchat.php?
Date: 8/12/12
Author: VipVince
Vendor Homepage: http://mods.mybb.com/
Software LinK: http://mods.mybb.com/view/kingchat
Tested on: Windows

Using the dork  inurl:/kingchat.php? you will see multiple forums running this chat plugin.

Note *Registration on the forums is required* for persistent XSS to work.

Now click a random forum with this plugin installed and you will see this:

http://vulnforum.com/kingchat.php?notic

Remove 'notic' at the end of the URL and add "chat=2&1=2" to our query so it becomes:

http://server/kingchat.php?chat=2&l=2

You will see the vulnerable chat box :). Submit your XSS for instance <script>alert("vipvince")</script>

Now to see our saved JavaScript alert go to:

http://server/kingchat.php?chat=2&l=2&message=

Your persistant XSS will be stored here.

Enjoy ;). VipVince.

#  0day.today [2024-12-27]  #