
bulletin boards

Web Wiz Forums Directory traversal

####################
- Description:
####################
Web Wiz Forums bulletin board system is the ideal forum package for  
your website's community.

####################
- Vulnerability:
####################

GR Board v1.8.6. (theme) Local File Inclusion Vulnerability

=====================================================================

Description:

GRBoard (VERSION 1.8) is a bulletin board system of Korea.
It is freely available for all platforms that support PHP and MySQL.
But I find a Remote File Inclusion vulnerability.

=====================================================================


[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11

Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MyBB is a discussion board that has been around for a while; it has evolved
from other bulletin boards into the forum package it is today. Therefore,
it is a professional and efficient discussion board, developed by an active
team of developers.

Vulnerabilities discovered
===============================================================================

Advisory 02/2010: MyBB Password Reset Weak Random Numbers Vulnerability

Overview:

  Quote from http://www.mybboard.net
  "MyBB is a discussion board that has been around for a while; it has
   evolved from other bulletin boards into the forum package it is
   today. Therefore, it is a professional and efficient discussion
   board, developed by an active team of developers. The MyBB history
   has been recorded and is available for the interested to read.
   You can also read more about the MyBB team and why they develop
   MyBB in their spare time. We also like to highlight the most

GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability

=====================================================================

Description:

GRBoard (VERSION 1.8) is a bulletin board system of Korea.
It is freely available for all platforms that support PHP and MySQL.
But I find a Remote File Inclusion vulnerability.

=====================================================================


[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10

Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MyBB is a discussion board that has been around for a while; it has evolved
from other bulletin boards into the forum package it is today. Therefore,
it is a professional and efficient discussion board, developed by an active
team of developers.

Vulnerabilities discovered
===============================================================================

[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10

Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MyBB is a discussion board that has been around for a while; it has evolved
from other bulletin boards into the forum package it is today. Therefore,
it is a professional and efficient discussion board, developed by an active
team of developers.

Vulnerabilities discovered
===============================================================================

Advisory 01/2010: MyBB Password Reset Email BCC: Injection Vulnerability

Overview:

  Quote from http://www.mybboard.net
  "MyBB is a discussion board that has been around for a while; it has
   evolved from other bulletin boards into the forum package it is
   today. Therefore, it is a professional and efficient discussion
   board, developed by an active team of developers. The MyBB history
   has been recorded and is available for the interested to read.
   You can also read more about the MyBB team and why they develop
   MyBB in their spare time. We also like to highlight the most

Hijacking Safari 4 Top Sites with Phish Bombs

A real-world hacking scenario would look like:

1. Attacker injects malicious JavaScript on
    (a) his or her evil site OR
    (b) a legitimate site which allows JavaScript (e.g. bulletin boards,
dashboards, etc).

2. Victim visits the above site.

3. Malicious JavaScript runs and first checks browser history (using CSS



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
