vBulletin <= 3.8.4 XSS Vulnerability

2010-04-06 / 2010-04-07

Credit: ITSecTeam

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: \"powered by vbulletin\"

==========================================
vBulletin <= 3.8.4 XSS Vulnerability
==========================================

#############
#Title:             vBulletin <= 3.8.4
#Vendor:            http://vbulletin.org
#Dork:              "powered by vbulletin"

#############
#AUTHOR:            ITSecTeam
#Email:             Bug@ITSecTeam.com
#Website:           http://www.itsecteam.com
#Forum :            http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability34.htm
#Thanks:           Pejvak,M3hr@n.s,Sr3dm0v3,am!rkh@n
#############

POC :
#############
First Page Manager, then enter're part of the Styles & Templates Download
/Upload Styls then Import Style XML File format, we upload your desired
area code Title for Uploaded Style xss injection we own.
#############

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

vBulletin <= 3.8.4 XSS Vulnerability

Dork: \"powered by vbulletin\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.