vBulletin Upload Image(XSS) - Internet Explorer only

2007.06.05

Credit: Pr0T3cT10n

Risk: Low

Local: No

Remote: Yes

CVE: GENERIC-MAP-NOMATCH

CWE: CWE-79

Image cross site scripting in Internet Explorer ONLY!
vBulletin has a title for being known as one of the most secure forums on
the internet.
Wrong! vBulletin has had its fair share of exploits over the years. One of
which is shared among many other sites and forums.
Image Cross-Site Scripting [XSS]
PoC:
Although you may upload an image to a forum that has HTML embedded in its
headers,
you probably have noticed that vBulletin discredits such actions.
At first look, it may disappoint many to see that vBulletin does not allow
image uploads with HTML in the headers,
but when one takes a further look inside vBulletin's cleansing function,
they will notice that vBulletin only checks up to 256 bytes of data.
This means, if you were to put HTML tags in the header, past 256 bytes of
data;
the image would be dubbed legit and vBulletin would allow it's upload.
Author : Pr0T3cT10n.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

vBulletin Upload Image(XSS) - Internet Explorer only

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.