MyBB KingChat Plugin – Persistent Cross-Site Scripting

  • Author: VipVince
    Date: 2012-12-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/23249/
  • Exploit Title: MyBB 'kingchat' chat-box plugin.
    Google Dork: inurl:/kingchat.php?
    Date: 8/12/12
    Author: VipVince
    Vendor Homepage: http://mods.mybb.com/
    Software Link: http://mods.mybb.com/view/kingchat
    Tested on: Windows
    
    Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin.
    
    Note: *registration on the forums is required* for persistent XSS to work.
    
    Now click a random forum with this plugin installed and you will see this:
    
    http://vulnforum.com/kingchat.php?notic
    
    Remove 'notic' at the end of the URL and add "chat=2&l=2" to our query so it becomes:
    
    http://server/kingchat.php?chat=2&l=2
    
    You will see the vulnerable chat box :). Submit your XSS, for instance <script>alert("vipvince")</script>
    
    Now to see our saved JavaScript alert go to:
    
    http://server/kingchat.php?chat=2&l=2&message=
    
    Your persistent XSS will be stored here.
    
    Enjoy ;). VipVince.
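
The fix for the behaviour described above, as an added example that is not part of the original advisory and is not KingChat's code: stored chat text is HTML-encoded when it is rendered, and rows already saved with markup are flagged for cleanup. The function names, the row layout (username, message) and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. All names and rows here are hypothetical.

// Vulnerable pattern: the stored message is concatenated into the page unchanged,
// so a saved <script> element runs for every user who loads the chat.
function render_chat_line_unsafe(array $row): string
{
    return '<div class="chat-line"><b>' . $row['username'] . '</b>: '
         . $row['message'] . '</div>';
}

// Output encoding for an HTML text context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field is encoded at output time.
function render_chat_line_safe(array $row): string
{
    return '<div class="chat-line"><b>' . h($row['username']) . '</b>: '
         . h($row['message']) . '</div>';
}

// Cleanup aid: list stored rows that contain tag-like markup, inline event
// handlers or javascript: URLs, so payloads saved before the fix get reviewed.
function find_suspect_rows(array $rows): array
{
    $pattern = '/<\s*\/?\s*[a-z!][^>]*>|\bon\w+\s*=|javascript\s*:/i';
    return array_values(array_filter($rows, function (array $row) use ($pattern) {
        return preg_match($pattern, $row['message']) === 1;
    }));
}

// Constructed sample rows, as they might be read back from the chat table.
$rows = [
    ['id' => 1, 'username' => 'alice',    'message' => 'hello & welcome'],
    ['id' => 2, 'username' => 'vipvince', 'message' => '<script>alert("vipvince")</script>'],
];

foreach ($rows as $row) {
    echo 'unsafe: ', render_chat_line_unsafe($row), "\n";
    echo 'safe:   ', render_chat_line_safe($row), "\n";
}
foreach (find_suspect_rows($rows) as $row) {
    echo 'review stored row id=', $row['id'], "\n";
}
```

Encoding at output is the control; the pattern scan only helps find rows that were saved while the chat box was vulnerable and is not a filter to rely on.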