Image cross site scripting in Internet Explorer ONLY!
vBulletin has a title for being known as one of the most secure forums on
the internet.
Wrong! vBulletin has had its fair share of exploits over the years. One of
which is shared among many other sites and forums.
Image Cross-Site Scripting [XSS]
PoC:
Although you may upload an image to a forum that has HTML embedded in its
headers,
you probably have noticed that vBulletin discredits such actions.
At first look, it may disappoint many to see that vBulletin does not allow
image uploads with HTML in the headers,
but when one takes a further look inside vBulletin's cleansing function,
they will notice that vBulletin only checks up to 256 bytes of data.
This means, if you were to put HTML tags in the header, past 256 bytes of
data;
the image would be dubbed legit and vBulletin would allow it's upload.
Author : Pr0T3cT10n.