New Include Redirect Bug XSS All vBulletin® v 3.x.x

2007.06.26
Credit: rUnViRuS
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

+--------------------------------------------------------------------
+
+ New Include Redirect Bug XSS All vBulletin® v 3.x.x
+
+--------------------------------------------------------------------
+ vendor site........: http://www.vbulletin.com/
+ Affected Software .: vbulletin
+ Class .............: XSS
+ Risk ..............: Low
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------

New Include Redirect Bug XSS All vBulletin v 3.x.x

This injection allows an attacker to point the admin "Include Redirect" at a page of his choice, effectively XSSing the page and stealing cookies. The XSS is permanent (persistent): the attacker must first be able to upload a file containing the XSS code to the site.

PoC: <script>alert(document.cookie)</script>, to be used with a cookie stealer.

A simple attack follows:

http://localhost/vb/admincp/index.php?loc=../../../nez.txt

When the URL is opened, it will steal cookies.

+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || Provide || - || HeX || - || dEv!L RoOT ||
+ || BlackWHITE || - || dOcnok || - || A.tar0uDant.D ||
+ || Pro Hacker || - || DARKFIRE || - || papipsycho ||
+ Sp.Thanx To : Sec-Area.com Member's
+-------------------------[ W D T ]----------------------------------
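Detection logic for the request pattern in this advisory, added here as an example that is not part of the original advisory or of vBulletin: it parses Apache-style access-log lines and flags requests to admincp/index.php whose loc parameter escapes its directory, decoding URL-encoding first because traversal sequences are frequently encoded. The log lines, client IPs and the nez.txt file name are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Jun/2007:10:00:01 +0100] "GET /vb/admincp/index.php?loc=../../../nez.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [26/Jun/2007:10:00:02 +0100] "GET /vb/admincp/index.php?loc=%2e%2e%2f%2e%2e%2fnez.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [26/Jun/2007:10:00:03 +0100] "GET /vb/admincp/index.php?loc=user.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.8 - - [26/Jun/2007:10:00:04 +0100] "GET /vb/showthread.php?t=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Enough of the combined log format to pull out client IP, request URL and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d+)'
)


def is_traversal(value):
    """True if the (possibly double-encoded) value leaves its directory.

    parse_qs already decodes once; decoding twice more catches %252e-style
    double encoding. Backslashes are normalised so '..\\' is caught too.
    """
    decoded = unquote(unquote(value)).replace("\\", "/")
    if decoded.startswith("/"):
        return True  # absolute path is never a legitimate include name
    return any(segment == ".." for segment in decoded.split("/"))


def find_suspicious(log_text):
    """Return (client ip, decoded loc value) for admincp/index.php requests
    whose loc parameter traverses directories."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        parts = urlsplit(match.group("url"))
        if not parts.path.endswith("/admincp/index.php"):
            continue
        for loc in parse_qs(parts.query).get("loc", []):
            if is_traversal(loc):
                hits.append((match.group("ip"), unquote(unquote(loc))))
    return hits


if __name__ == "__main__":
    for ip, loc in find_suspicious(SAMPLE_LOG):
        print(f"traversal in loc from {ip}: {loc}")
```

On the server side the same check belongs in front of the include: reject any loc value that fails is_traversal's test, or better, accept only names from a fixed allow-list of admin pages.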


Copyright 2022, cxsecurity.com
