# Title : MyBB 1.6.2 Stored XSS Vulnerability
# Published : 2011-02-23
# Author : Xinapse
MyBB Recent Topics Stored XSS Vulnerability
Version: MyBB 1.6.2
Plugin Page: http://mods.mybb.com/view/recent-topics-on-index-page
Found by: Xinapse
Site: http://www.iexploit.org
Risk: Medium/High
Description: By creating a thread with your XSS code as the title, any user
with any level of privileges can cause XSS on the index.php main page.
For example: <script>alert('xss')</script>
Shouts: Semtex, Chronic, Bursihido, D0wngrade, George
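
The fix for this class of bug is to HTML-encode the stored thread title when it is written into the index page. The PHP below is an added illustration, not the Recent Topics plugin's source: the function names and the $threads rows are hypothetical, constructed to show the unescaped pattern beside the encoded one.

```php
<?php
// Added illustration; NOT the plugin's code. Function names are hypothetical.

// Unsafe pattern: the stored title is concatenated into the page as-is,
// so any markup saved in the thread subject is rendered as markup.
function render_recent_topics_unsafe(array $threads): string
{
    $html = "<ul>\n";
    foreach ($threads as $t) {
        $html .= '<li><a href="showthread.php?tid=' . (int)$t['tid'] . '">'
               . $t['subject'] . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode the title for the HTML context at output time,
// regardless of who created the thread or how it was stored.
function render_recent_topics_safe(array $threads): string
{
    $html = "<ul>\n";
    foreach ($threads as $t) {
        $subject = htmlspecialchars(
            $t['subject'],
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        $html .= '<li><a href="showthread.php?tid=' . (int)$t['tid'] . '">'
               . $subject . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows; the second subject is the test string from the advisory.
$threads = [
    ['tid' => 1, 'subject' => 'Welcome to the forum'],
    ['tid' => 2, 'subject' => "<script>alert('xss')</script>"],
];

$unsafe = render_recent_topics_unsafe($threads);
$safe   = render_recent_topics_safe($threads);

// Check whether a raw script element survives into each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
echo $safe;
```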