vBulletin 3.5.1 suffers from a cross-site scripting flaw due to the control panel not properly sanitizing variables.
http://nshell.h15.ru/advisory's/vBulletin%203.5.1xss.txt
=========================================================
= [N] Shell : advizory =
=========================================================
PRODUCT: vBulletin 3.5.1
DESCRIPTION:
vBulletin is a powerful, scalable and fully
customizable forums package for your web site.
It has been written using the Web's
quickest-growing scripting language, PHP, and
is complemented with a highly efficient and
ultra fast back-end database engine built
using MySQL.
http://vbulletin.net.ru/files/index.php?dlid=261
VULN:
The homepage parameter in the user control panel is not
filtered correctly, so it is open to XSS attacks.
Xpl:
http://whitehats.org"<script>[any code]</script><a href="fuckru.net
[N] Shell http://nshell.h15.ru
[NicatiN] 2005
--
wbr,
[N] mailto:n_shell@mail.ru
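
The string under "Xpl" puts a double quote right after the URL and ends by reopening `<a href="`, which is the shape of a value echoed unencoded into an anchor's href attribute. Assuming that rendering context, the PHP below is an added example (not vBulletin's code and not part of the advisory) that contrasts the unencoded pattern with input validation plus attribute encoding; all function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not vBulletin code.

// Vulnerable pattern (assumed): the stored value lands in href unescaped.
function render_homepage_unsafe(string $homepage): string
{
    return '<a href="' . $homepage . '">Homepage</a>';
}

// Input check: accept only absolute http/https URLs that contain no
// whitespace, control characters, quotes, angle brackets or backslashes.
function validate_homepage(string $homepage): ?string
{
    $homepage = trim($homepage);
    if ($homepage === '' || preg_match('/[\x00-\x20"\'<>`\\\\]/', $homepage)) {
        return null;
    }
    if (filter_var($homepage, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($homepage, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $homepage : null;
}

// Output encoding: escape for the attribute context even after validation,
// so values stored before the check existed are also neutralised.
function render_homepage_safe(string $homepage): string
{
    $url = validate_homepage($homepage);
    if ($url === null) {
        return ''; // render no link at all for rejected values
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
         . '" rel="nofollow">Homepage</a>';
}

// Constructed sample inputs; the second has the same shape as the Xpl string.
$samples = [
    'http://example.org/',
    'http://example.org"<script>[any code]</script><a href="example.net',
    'javascript:void(0)',
];
foreach ($samples as $s) {
    printf("input:  %s\nunsafe: %s\nsafe:   %s\n\n",
        $s, render_homepage_unsafe($s), var_export(render_homepage_safe($s), true));
}
```

Only the first sample produces a link from `render_homepage_safe()`; the other two are rejected and render as an empty string, while `render_homepage_unsafe()` emits the second sample's markup verbatim.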