+-------------------------------------------------------------------
New Include/Redirect XSS Bug in All vBulletin v3.x.x
This injection allows an attacker to include/redirect the admin to a page of the attacker's choice, effectively
performing XSS on the page and stealing the cookie:
Permanent XSS (a file containing XSS code must first be uploaded to the site). PoC:
<script>alert(document.cookie)</script>
To be used with a cookie stealer. The following is a simple attack:
http://localhost/vb/admincp/index.php?loc=../../../nez.txt
When the URL is opened, the cookies are stolen.
+-------------------------------------------------------------------
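For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to admincp/index.php whose loc parameter points outside the admin directory, as in the URL above. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
ADMIN_INDEX_RE = re.compile(r'/admincp/index\.php$', re.IGNORECASE)
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*:', re.IGNORECASE)

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values (%252e) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_loc(loc):
    """Return a reason if loc leaves the admin directory, otherwise None."""
    loc = fully_decode(loc).replace("\\", "/")
    if SCHEME_RE.match(loc) or loc.startswith("//"):
        return "absolute or scheme URL"
    if loc.startswith("/"):
        return "absolute path"
    if ".." in loc.split("?")[0].split("/"):
        return "path traversal"
    return None

def scan(lines):
    """Return (line_number, loc, reason) for flagged admincp/index.php requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not ADMIN_INDEX_RE.search(url.path):
            continue
        for loc in parse_qs(url.query).get("loc", []):  # parse_qs decodes once
            reason = suspicious_loc(loc)
            if reason:
                hits.append((n, loc, reason))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /vb/admincp/index.php?loc=../../../nez.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /vb/admincp/index.php?loc=options.php HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /vb/admincp/index.php?loc=%252e%252e%252fnez.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:03:00 +0000] "GET /vb/index.php?loc=../x HTTP/1.1" 200 300',
]
```

The same three checks in suspicious_loc can serve as a server-side allowlist condition on loc before the admin frame is rendered.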