Home / os / winme

vbultop-xss.txt

Posted on 22 June 2007

+-------------------------------------------------------------------- + + New post Topic Hijacking XSS All vBulletin® v 3.x.x + +-------------------------------------------------------------------- + vendor site........: http://www.vbulletin.com/ + Affected Software .: vbulletin + Class .............: XSS + Risk ..............: Low + Found by ..........: rUnViRuS + Original advisory .: http://www.sec-area.com/ + Contact ...........: stormhacker[at]hotmail[.]com + Vulnerable Script..: showthread.php +-------------------------------------------------------------------- New Include Redirect Bug XSS [showthread.php] All vBulletin v 3.x.x This injections would allow an attacker to stealing cookies who be opened url Xss the page and steal cookie : xss permanent ( must be post Topic and upload Any File Have Code Xss ) PoC : <script>alert(document.cookie)</script>. to be used with cookie stealer following is a simple attack :- post Topic :- click on insert link :- Hyperlink information type :- (other) URl :- ../../xss.txt ( path XSS File On Site[Include Path]) When opened url Will stealing cookies +-------------------------------------------------------------------- + [W]orld [D]efacers [T]eam + Greets: + || rUnViRuS || - || Provide || - || HeX || - || dEv!L RoOT || + || BlackWHITE || - || dOcnok || - || A.tar0uDant.D || + || Pro Hacker || - || DARKFIRE || - || papipsycho || + Sp.Thanx To : Sec-Area.com Member's +-------------------------[ W D T ]----------------------------------

 

TOP