MyBB External Redirect Warning 1.3 Cross Site Scripting
- Authored by 0xB9
- MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.
- advisories | CVE-2022-28353
- SHA-256 | 30648b0a86ff796492c571bdf536801d2869613474a695f71e4142c2ef8f81e5
# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting
# Date: February 1, 2021
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=493
# Version: 1.3
# Tested On: Windows 10
# CVE: CVE-2022-28353
Description:
This plugin notifies the user when they are being redirected to an off-site page. The redirect URL is vulnerable to XSS.
Proof of Concept:
– Go to the following URL… external.php?url=javascript:alert(1);
– Click continue
Payload will execute
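Mitigation sketch (an added example, not the plugin's code or the author's): validate the url parameter against a scheme allow-list before it is written into the "continue" link, then HTML-encode it on output. The function names safe_redirect_target and render_continue_link are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example. Function names and the http/https allow-list are assumptions,
// not taken from the External Redirect Warning plugin.

/** Return the URL if it may be placed in an href on the warning page, else null. */
function safe_redirect_target(string $raw): ?string
{
    // Reject control characters and whitespace: browsers discard some of them
    // while parsing, so the scheme the server checks could differ from the one
    // the browser resolves.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    // Require an absolute URL with an explicit scheme and host.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allow-list, compared case-insensitively. A deny-list of "bad" schemes
    // is not enough; anything that is not http(s) is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** Build the "continue" link, encoding the URL for the attribute context. */
function render_continue_link(string $raw): string
{
    $url = safe_redirect_target($raw);
    if ($url === null) {
        return '<p>Invalid redirect target.</p>';
    }
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '" rel="noopener noreferrer">Continue</a>';
}

// Constructed sample inputs: two valid targets, the value from the proof of
// concept above, a scheme-less URL, and a valid URL that still needs encoding.
$samples = [
    'https://example.com/page?a=1&b=2',
    'HTTPS://example.com/',
    'javascript:alert(1);',
    '//example.com/',
    'https://example.com/"><b>',
];
foreach ($samples as $s) {
    echo $s, ' => ', render_continue_link($s), PHP_EOL;
}
```

The scheme check stops the javascript: value from reaching the href at all; the htmlspecialchars call is still needed because an http(s) URL can carry quotes or angle brackets that would otherwise break out of the attribute.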