CVE-2006-0470

MyBulletinBoard 1.02 - Cross-Site Scripting via search.php sortby and sortordr Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0470. PoCs published by imei.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MyBB by injecting a malicious script via the 'sortby' parameter in the search.php file. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.

Description

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

Exploits (1)

exploitdb WORKING POC VERIFIED

by imei · textwebappsphp

https://www.exploit-db.com/exploits/27137

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in MyBB by injecting a malicious script via the 'sortby' parameter in the search.php file. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MyBB (version not specified)

No auth needed

Prerequisites: Access to the MyBB search.php endpoint

MITRE ATT&CK