Revisions

  1. MayurUdiniya created this gist May 13, 2018.
    46 changes: 46 additions & 0 deletions gistfile1.txt
    @@ -0,0 +1,46 @@
    > MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements,
    > which makes it easier for remote attackers to conduct redirection attacks.
    >
    > ------------------------------------------
    >
    > [Additional Information]
    > is parsing link with target="_blank" rel="noopener"
    > <a class=mycode_url href=malicious.html target="_blank" rel="noopener"> malicious.html </a> MyBB users with Microsoft Edge browser are vulnerable for this attack
    >
    > ------------------------------------------
    >
    > [VulnerabilityType Other]
    > target=_blanket Phishing attack in chat
    >
    > ------------------------------------------
    >
    > [Vendor of Product]
    > MyBB
    >
    > ------------------------------------------
    >
    > [Affected Product Code Base]
    > MyBB - Version 1.8.15
    >
    > ------------------------------------------
    >
    > [Affected Component]
    > MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open source forum software developed by the MyBB Group
    >
    > ------------------------------------------
    >
    > [Attack Type]
    > Remote
    >
    > ------------------------------------------
    >
    > [CVE Impact Other]
    > Phishing & Invalidate redirect
    >
    > [Discoverer]
    > Mayur Udiniya
    >
    > ------------------------------------------
    >
    > [Reference]
    > https://blog.mybb.com
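
    Review bot: The [Affected Component] field holds a general description of MyBB ("a free and open source forum software developed by the MyBB Group") instead of the component at fault; the [Additional Information] lines point at the link markup emitted with class=mycode_url, so name that output path there. In [VulnerabilityType Other], "target=_blanket" looks like a typo for target=_blank, and the sentence "is parsing link with target=..." under [Additional Information] has no subject. The text also never states what Edge does differently when rel="noopener" is already present on the anchor, which is the detail a reader needs to judge exposure and test a fix; describe the observed behaviour and note a fixed version if one exists. Finally, [Reference] gives only the blog root rather than a specific post, and the separator line is missing between [CVE Impact Other] and [Discoverer].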