# Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
# Date: 7/23/2018
# Author: 0xB9
# Software Link: https://github.com/jamiesage123/Thread-Redirect
# Version: 0.2.1
# Tested on: Windows 10

1. Description:
This plugin allows threads to redirect to a URL with optional custom text. The custom text input is vulnerable to Cross-Site Scripting.

2. Proof of Concept:
- Create a new thread
- Input any Thread Subject and Redirect URL you'd like
- Use the following payload for Your Message
<svg/onload=alert('XSS')>

Anyone who views the thread will execute the payload.
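
Added example (not code from the Thread Redirect plugin or from the advisory's author): the stored-XSS pattern described above next to its output-encoded form. The function names and the surrounding markup are hypothetical; the sample value is the message from the proof of concept.

```php
<?php
// Added illustration. Function names and the wrapper markup are hypothetical,
// not taken from the Thread Redirect plugin source.

// Vulnerable pattern: the stored custom text is concatenated into the page
// as-is, so any markup a thread author saved is parsed by every viewer's browser.
function render_redirect_text_unsafe(string $customText): string
{
    return '<div class="redirect-text">' . $customText . '</div>';
}

// Hardened pattern: encode the stored value for the HTML body context at
// output time, so it is displayed as text instead of being parsed as markup.
function render_redirect_text_safe(string $customText): string
{
    $encoded = htmlspecialchars(
        $customText,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<div class="redirect-text">' . $encoded . '</div>';
}

// Constructed sample input: the message value from the proof of concept,
// plus an ordinary message to show legitimate text is unaffected.
$samples = [
    "<svg/onload=alert('XSS')>",
    'This thread has moved, follow the link below.',
];

foreach ($samples as $stored) {
    echo 'unsafe: ', render_redirect_text_unsafe($stored), PHP_EOL;
    echo 'safe:   ', render_redirect_text_safe($stored), PHP_EOL;
}
```

Within MyBB itself, the core helper htmlspecialchars_uni() serves the same purpose when writing user-supplied values into templates.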