Exploit for MyBB Thread Redirect 0.2.1 Cross Site Scripting

Name: Exploit for MyBB Thread Redirect 0.2.1 Cross Site Scripting
Rating: 5 (123 reviews)

2021-02-01 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:161214
# Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting  
# Date: 7/23/2018  
# Author: 0xB9  
# Software Link: https://github.com/jamiesage123/Thread-Redirect  
# Version: 0.2.1  
# Tested on: Windows 10  
  
1. Description:  
This plugin allows threads to redirect to a URL with optional custom text. The custom text input is vulnerable to Cross-Site Scripting.  
  
2. Proof of Concept:  
  
- Create a new thread  
- Input any Thread Subject and Redirect URL you'd like  
- Use the following payload for Your Message <svg/onload=alert('XSS')>  
Anyone who views the thread will execute payload.