MyBB Downloads Plugin

In this exercise, the attacker has access to a non-privileged account, and this access does lead to an XSS attack. In such cases, the XSS can be used to attack an admin or other users. Even if it doesn't, you can try to find this XSS as a purely academic exercise.

A version of the MyBB Downloads Plugin is vulnerable to a stored cross-site scripting attack.

The following username and password may be used to explore the application and/or find a vulnerability which might require authenticated access:

| Username | Password |
| --- | --- |
| test2 | password |

Objective: Your task is to find and exploit this vulnerability.

Solutions:

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-9.pdf
