Miuna Shoutbox XSS vuln.

by Pirate - 23-05-2015, 01:21 AM
Contact: pirate@undoxable.net
Prime
Posts:
254
Joined:
Mar 2015
Likes:
7
Credits:
61
Reputation:
3
2 Years of Service
#1
OP
Posted: 23-05-2015, 01:21 AM (This post was last modified: 23-05-2015, 01:24 AM by Pirate.)
So someone was doing XSS on my copy of my Miuna Shoutbox and redirected the site to their script kiddie Twitter.

I am not really scared as I already knew what he was doing it from, but I was just reporting that this is currently a vulnerable plugin.
The Mandingo Man
Posts:
876
Joined:
Jan 2015
Likes:
123
Credits:
2,009
Reputation:
116
Sys Admin
2 Years of Service
#2
Posted: 23-05-2015, 01:27 AM
It would be helpful if you posted how they did it, or what they targeted in the script to allow people to patch it.
Contact: pirate@undoxable.net
#3
OP
Posted: 23-05-2015, 01:29 AM
Not sure exactly, trying to investigate atm
Closed Account
Posts:
145
Joined:
May 2015
Likes:
9
Credits:
65
Reputation:
7
1 Year of Service
#4
Posted: 23-05-2015, 01:36 AM
I understand how XSS are made and how to use an XSS for exploits; it's like a game for a kid.
If they succeed, then you are the idiot who helped them to do that (cuz you're the owner).
If you want to correct it, just send me the files of the plugin in PM.
Contact: pirate@undoxable.net
#5
OP
Posted: 23-05-2015, 03:43 AM
Well, I found the exploit they used, thanks to pulsey.
It was just HTML code like a meta refresh.
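An added example, not part of the thread and not the plugin's own code: the post above says the injected content was plain HTML such as a meta refresh, which only takes effect when shout text is written into the page unencoded. The sketch below encodes shouts on output and flags stored shouts that contain markup; the function names, the shout object shape and the sample data are all assumptions made for illustration.

```javascript
// Hypothetical helpers; none of these names come from the Miuna Shoutbox code base.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for one shout. User name and message are both
// user-controlled, so both are encoded before concatenation.
function renderShout(shout) {
  return '<div class="shout"><b>' + escapeHtml(shout.user) + '</b>: ' +
    escapeHtml(shout.message) + '</div>';
}

// Audit helper: flag stored shouts that contain tag-like markup, so entries
// saved before the output encoding was added can be reviewed and purged.
// "<" followed by a letter, "/" or "!" is treated as a tag; "3 < 5" is not.
const MARKUP_RE = /<\s*\/?\s*[a-z!][^>]*>?/i;

function findMarkupShouts(shouts) {
  return shouts.filter((s) => MARKUP_RE.test(s.message) || MARKUP_RE.test(s.user));
}

// Constructed sample data (not taken from any real shoutbox log).
const SAMPLE_SHOUTS = [
  { id: 1, user: 'alice', message: 'hello everyone' },
  { id: 2, user: 'mallory',
    message: '<meta http-equiv="refresh" content="0;url=https://redirect.example/">' },
  { id: 3, user: 'bob', message: 'is 3 < 5 && 5 > 3?' },
];

// Run the audit and render every shout in encoded form.
function demo() {
  const flagged = findMarkupShouts(SAMPLE_SHOUTS).map((s) => s.id);
  const html = SAMPLE_SHOUTS.map(renderShout).join('\n');
  return { flagged, html };
}

console.log(demo());
```

Encoding on output leaves the stored text untouched, so the audit can still show exactly what was submitted while the browser renders it as inert text.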
Closed Account
#6
Posted: 23-05-2015, 05:50 PM
You need to fix that XSS ;) Can be dangerous
Contact: pirate@undoxable.net
#7
OP
Posted: 23-05-2015, 06:51 PM
(23-05-2015, 05:50 PM)DarSider Wrote: You need to fix that XSS ;) Can be dangerous

oh wow
I didn't know that

thanks for the information