ZeroSecurity - Information Security News
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Breaches
  • Crypto
  • Privacy
  • Tech
    • AI
    • Downloads
      • Malwarebytes
      • Exploits
      • Paper Downloads
    • Reviews
No Result
View All Result
SUBSCRIBE
ZeroSecurity - Information Security News
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Breaches
  • Crypto
  • Privacy
  • Tech
    • AI
    • Downloads
      • Malwarebytes
      • Exploits
      • Paper Downloads
    • Reviews
No Result
View All Result
ZeroSecurity - Information Security News
No Result
View All Result
Home Exploits

New MyBB POST XSS Zero-day

Paul by Paul
February 4, 2014
in Exploits, Security
Reading Time: 1 min read
xss mybb 0day
Share on FacebookShare on Twitter

Osanda Malith, an independent security researcher has released his new findings in a blog post yesterday.  He demonstrated a newly found zero-day that allows an attacker to inject code into Mybb’s search.php file via a POST XSS exploit.

In the blog post, he writes “This is a weird bug I found in MyBB. I fuzzed the input of the search.php file. This was my input given.”

After injection, Mybb spits out a SQL error:

You might also like

Hackers Exploit Maximum-Severity Cisco Zero-Day Bug Since 2023 (CVE-2026-20127)

How Hackers Still Manage to Compromise MFA

Anthropic Unveils Claude Code Security to Detect and Fix Critical Vulnerabilities

finalerror

You can view the POC video here:

You can get the POC script here:

Tags: exploitmybbzero day
Previous Post

Spyeye Coder Pleads Guilty

 Next Post

Holiday Inn Allegedly breached

Paul

Paul

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the bottom of the page.

Recommended For You

Photo of the CISCO logo and text saying "You have been hacked!"

Hackers Exploit Maximum-Severity Cisco Zero-Day Bug Since 2023 (CVE-2026-20127)

March 6, 2026
How Hackers Still Manage to Compromise MFA

How Hackers Still Manage to Compromise MFA

March 6, 2026

Anthropic Unveils Claude Code Security to Detect and Fix Critical Vulnerabilities

February 22, 2026

Phishing 2.0: How AI is Turning Cyber Attacks into a Science

January 7, 2025 - Updated on January 9, 2025

DoubleClickjacking – The Stealthy New Web Exploit Threatening User Security

January 1, 2025

Critical Vulnerabilities Exposed in Ruijie Networks Cloud Platform

December 25, 2024

Related News

Malicious Chrome Extensions Steal AI Data and Hijack Revenue in DarkSpectre Campaign

Malicious Chrome Extensions Steal AI Data and Hijack Revenue in DarkSpectre Campaign

January 30, 2026
KPMG Netherlands Listed as Victim by Nova Ransomware Group

KPMG Netherlands Listed as Victim by Nova Ransomware Group

January 24, 2026
RansomHouse Claims Breach of Key Apple Assembler Luxshare

RansomHouse Claims Breach of Key Apple Assembler Luxshare

January 20, 2026
ZeroSecurity - Information Security News

We cover the latest in technology news, Crypto, Artificial Intelligence, and the threat trends impacting these sectors.

Categories

Piracy

Tutorials

Programming

Malware Analysis

Downloads

  • Contact us
  • Press
  • Writers
  • Privacy Policy
  • Terms of Service

© 2026 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
    • Tools
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Contact Us
    • Press
  • Privacy Policy

© 2026 ZeroSecurity, All Rights Reserved.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.