Home Tools Exploits & CVE's MyBB External Redirect Warning 1.3 Cross Site Scripting

MyBB External Redirect Warning 1.3 Cross Site Scripting

March 24, 2023

315

Authored by 0xB9

MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.

advisories | CVE-2022-28353

# Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting
# Date: February 1, 2021
# Author: 0xB9
# Twitter: @0xB9sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=493
# Version: 1.3
# Tested On: Windows 10
# CVE: CVE-2022-28353

Description:
This plugin notifies the user when they are being redirect to an off-site page. The redirect URL is vulnerable to XSS.

Proof of Concept:

– Go to the following URL… external.php?url=javascript:alert(1);
– Click continue
Payload will execute

MyBB External Redirect Warning 1.3 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

FBI: Fraudsters using fake online dating verification apps to scam lovers

Know-your-customer executive order facing stiff opposition from cloud industry

Congress picked a direct fight with ByteDance and TikTok. The privacy...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

WordPress Stafflist 3.1.2 SQL Injection

Webkul Qloapps 1.5.2 Cross Site Scripting

Hospital HMS 2.7 SQL Injection