vBulletin 4.2.2 Cross Site Scripting

2015.12.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

########################################################
# Exploit Title: vBulletin 4.2.2 Cross Site Scripting (XSS)
########################################################
# Google Dork: intext:"Powered by vBulletin Version 4.2.2"
# Date: [24/12/2015]
# Exploit Author: Gray Hat Group=>MR.BL4CK
# Vendor Homepage: [https://www.vbulletin.com/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DESCRIPTION:
# Hello Guys. First enter the dork in Google and open the target.
# Then you have to register.
# The vulnerability is in the profiles section.
# This type of XSS vulnerability exists. You can run your scripts.
# Scripts like [<Script>alert('XSS By MR.BL4CK')</script>]
# Or ["><marquee><h1>XSS_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>] and other scripts.
# Exploit:
# You should go to the Hash Tag Submitted section or this address:
# Site.com/usertag.php?do=profile&action=hashsubscription
# In this section you can run your scripts.
# Good luck
########################################################
# Thanks to : Bl4ck W4rning | Dalghak | MR.BL4CK | WHITE | H!dden V!rus | Shayan 72 | Keian | Ahriman | MR.ROBOT
# We Are Gray Hat Hackers
# Discovered By: MR.BL4CK
########################################################
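The advisory's two payload shapes target different HTML contexts: a script element in body text, and a `">` sequence that closes a quoted attribute. The PHP sketch below is an added example, not vBulletin code and not from the advisory author; the function names, the hashtag format (letters, digits, underscore, at most 50 characters) and the rendered markup are assumptions. It shows allowlist validation when a hashtag subscription is submitted, plus context-safe encoding when it is rendered.

```php
<?php
// Added example, not vBulletin code. Names, hashtag format and markup are assumptions.

/** Accept a hashtag only if it matches a strict allowlist; null means "reject". */
function validate_hashtag(string $raw): ?string
{
    $tag = ltrim(trim($raw), '#');
    // \A and \z anchor the whole string; /u treats input as UTF-8 and
    // makes preg_match() return false (not 1) on malformed byte sequences.
    return preg_match('/\A[\p{L}\p{N}_]{1,50}\z/u', $tag) === 1 ? $tag : null;
}

/** Encode for HTML element content and for quoted attribute values. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', which is what stops attribute breakout.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one subscription row; every dynamic value passes through h(). */
function render_subscription(string $tag): string
{
    return sprintf(
        '<li><input type="hidden" name="hashtag" value="%s">#%s</li>',
        h($tag),
        h($tag)
    );
}

// Constructed sample input: one normal tag and the two shapes quoted in the advisory.
$samples = [
    '#security',
    '<script>alert(1)</script>',
    '"><marquee><h1>x</h1></marquee>',
];

foreach ($samples as $raw) {
    $tag = validate_hashtag($raw);
    echo $tag === null
        ? 'rejected at input: ' . h($raw)
        : 'accepted: ' . render_subscription($tag);
    echo PHP_EOL;
    // Defense in depth: even if validation were bypassed, the stored value renders inert.
    echo '  rendered without validation: ' . render_subscription($raw) . PHP_EOL;
}
```

Validation alone is not enough for values already stored before a fix is deployed, which is why the render path encodes unconditionally.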



Copyright 2019, cxsecurity.com

 
