Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26784
HistoryAug 05, 2011 - 12:00 a.m.

Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5

2011-08-0500:00:00
vulners.com
72

Advisory Information
Title: vBulletin Cross Site Scripting Vulnerability
Vendors contacted: vBulletin team


Vulnerability Information
Class: XSS flaw
Vulnerable page: Admin Login Page (admincp)
Remotely Exploitable: Yes


Vulnerability Description
vBulletin is a community forum solution for a wide range of users, including industry leading
companies. A XSS vulnerability has been discovered that could allow an attacker to carry out an
action impersonating a legal user, or to obtain access to a user's account.
This flaw allows unauthorized disclosure and modification of information, and it allows
disruption of service.


Vulnerable versions
4.1.3pl3, 4.1.4pl3 & 4.1.5pl1


Non-vulnerable Packages
vBulletin prior to 4.1.3


Vendor Information, Solutions and Workarounds
vBulletin team has released patches for this flaw and patch is released on 02-08-2011.
https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch


Credits
This vulnerability was discovered by Muhammad Haroon from Innovative Solutions KSA. OWASP
Chapter Lead of Pakistan. haroon [at] live [dot] it


Proof of Concept Code
This is a Cross Site Scripting (XSS) vulnerability within vBulletin community forum solution.
In order to exploit this flaw following vector would be used.
http://www.example.com/forums/admincp/?"><script>alert('Xss_found_By_M.Haroon')</script>


Report Timeline
30-07-2011: Notifies the vBulletin team about the vulnerability.
31-07-2011: vBulletin Team ask for technical description about the flaw
31-07-2011: Technical Details sent to vBulletin team
02-08-2011: vBulletin notifies that a fix has been produced and is available to the users on
2nd August 2011
03-08-2011: Vulnerability publicly disclosed.