MyBB Favicon 1.0 Cross Site Scripting

MyBB Favicon 1.0 Cross Site Scripting: Posted Jun 27, 2023; Authored by 0xB9; MyBB Favicon plugin version 1.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 48e6211cff65bfb83fc11243b98216054981ee3a62b7f4384b54d20ecdc324e2; Download | Favorite | View

MyBB Favicon 1.0 Cross Site Scripting

# Exploit Title: MyBB [PGM] Favicon Plugin 1.0 – Cross-Site Scripting
# Date: May 2, 2023
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1554
# Version: 1.0
# Tested On: Windows 10

Description:

The favicon input in the settings doesn’t sanitize the favicon URL.

Proof of Concept:

– In the admin dashboard go to Configuration > Settings > Favicon
– Enter the following payload in the URL input: “><script>alert(1)</script>.ico
– Visit any page on the forum to trigger the payload

Top Authors In Last 30 Days

Red Hat 203 files
Ubuntu 74 files
Debian 25 files
Gentoo 14 files
Ahmet Umit Bayram 6 files
Amit Roy 4 files
Furkan Eren Tetik 4 files
tmrswrr 4 files
ron190 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,073)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,514)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,167)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,155)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,609)
UNIX (9,423)
UnixWare (187)
Windows (6,665)
Other

MyBB Favicon 1.0 Cross Site Scripting

MyBB Favicon 1.0 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MyBB Favicon 1.0 Cross Site Scripting

Share This

MyBB Favicon 1.0 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems