what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

vBulletin 4.0.8 PL1 Cross Site Scripting Filter Bypass

vBulletin 4.0.8 PL1 Cross Site Scripting Filter Bypass
Posted Nov 22, 2010
Authored by MaXe

vBulletin version 4.0.8 PL1 suffers from a cross site scripting filter bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | d46b6323051b1c93fb2c5d131d46becb2785b74ae325c5aa82a1f76eb3ccb419

vBulletin 4.0.8 PL1 Cross Site Scripting Filter Bypass

Change Mirror Download
vBulletin - XSS Filter Bypass within Profile Customization


Versions Affected: 4.0.8 PL1 (3.8.* is not vulnerable.)

Info:
Content publishing, search, security, and more - vBulletin has it all.
Whether it's available features, support, or ease-of-use, vBulletin offers
the most for your money. Learn more about what makes vBulletin the
choice for people who are serious about creating thriving online communities.

External Links:
http://www.vbulletin.com

Credits: MaXe (@InterN0T)


-:: The Advisory ::-
vBulletin is prone to a Persistent Cross Site Scripting vulnerability within the
Profile Customization feature. If this feature is not enabled the vulnerability
does not exist and the installation of vBulletin is thereby secure.

Within the profile customization fields, it is possible to enter colour codes,
rgb codes and even images. The image url() function does not sanitize user
input in a sufficient way causing vBulletin to be vulnerable to XSS attacks.

With the previous patch for vBulletin 4.0.8 PL1, most attacks were disabled
however it is possible to bypass this filter and inject data which is then executed
effectively against though not limited to Internet Explorer 6.

Proof of Concept:
url(vbscript:msgbox("X/SS"))


-:: Solution ::-
Update vBulletin to version: 4.0.8 PL2


Disclosure Information:
- Vulnerability found and researched: 18th November 2010
- Disclosed to vendor (Internet Brands): 18th November
- Patch from Vendor available: 19th November
- Disclosed at: InterN0T, Full Disclosure, Bugtraq and Exploit: 20th November


References:
http://forum.intern0t.net/intern0t-advisories/3398-vbulletin-4-0-8-pl1-cross-site-scripting-filter-bypass-within-profile-customization.html
http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-persistent-cross-site-scripting-via-profile-customization.html
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close