Created May 13, 2018 18:27
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements CVE-2018-10678
> MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements,
> which makes it easier for remote attackers to conduct redirection attacks.
>
> ------------------------------------------
>
> [Additional Information]
> is parsing link with target="_blank" rel="noopener"
> <a class=mycode_url href=malicious.html target="_blank" rel="noopener"> malicious.html </a>
> MyBB users with Microsoft Edge browser are vulnerable to this attack
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> target=_blank Phishing attack in chat
>
> ------------------------------------------
>
> [Vendor of Product]
> MyBB
>
> ------------------------------------------
>
> [Affected Product Code Base]
> MyBB - Version 1.8.15
>
> ------------------------------------------
>
> [Affected Component]
> MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open source forum software developed by the MyBB Group
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [CVE Impact Other]
> Phishing & Invalidate redirect
>
> [Discoverer]
> Mayur Udiniya
>
> ------------------------------------------
>
> [Reference]
> https://blog.mybb.com
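
An added example (not part of the advisory and not MyBB's code): a small JavaScript audit of rendered post HTML that lists links opening a new tab and flags those whose only protection is `rel="noopener"`, the case the advisory describes for Microsoft Edge. The function names, status labels and sample HTML are constructed for illustration; treating `noreferrer` as the extra token to look for is an assumption based on the HTML specification, where `noreferrer` also implies `noopener` behaviour.

```javascript
// Constructed sample input; the first anchor is the one quoted in the advisory.
const SAMPLE_HTML = `
<a class=mycode_url href=malicious.html target="_blank" rel="noopener"> malicious.html </a>
<a href="https://example.org/a" target="_blank">no rel</a>
<a href='https://example.org/b' target=_blank rel="noopener noreferrer">both</a>
<a href="/local" rel="nofollow">same tab</a>
`;

// Parse name=value pairs from the inside of one start tag.
// Values may be double-quoted, single-quoted or bare (as in the advisory's markup).
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Report every anchor that opens a new browsing context, with a status:
//   "unprotected"   - neither noopener nor noreferrer is present
//   "noopener-only" - protection depends on the browser honouring noopener
//   "ok"            - noreferrer is present (hypothetical policy of this example)
// Limitation: a ">" inside a quoted attribute value is not handled.
function auditLinks(html) {
  const findings = [];
  const anchor = /<a\s+([^>]*)>/gi;
  const sameContext = new Set(["", "_self", "_parent", "_top"]);
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    const target = (attrs.target || "").toLowerCase();
    // Only links that create a new tab or window give it a window.opener.
    if (sameContext.has(target)) continue;
    const rel = new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
    let status = "ok";
    if (!rel.has("noopener") && !rel.has("noreferrer")) status = "unprotected";
    else if (!rel.has("noreferrer")) status = "noopener-only";
    findings.push({ href: attrs.href || "", status });
  }
  return findings;
}

console.log(auditLinks(SAMPLE_HTML));
```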