Saturday, 24 March 2012

vBulletin 3.8.x - 4.1.11 Cross Site Scripting

# Exploit Title: vBulletin 3.8.x - 4.1.11 Cross Site Scripting
# Date: 25.03.2012
# Author: Sony , Flexxpoint and .e0f
# Software Link: https://www.vbulletin.com/
# Web Browser : Mozilla Firefox
# Blog Flexxpoint: http://flexxpoint.blogspot.com/
# Blog Sony: http://st2tea.blogspot.com
# Site : http://insecurity.ro
..................................................................


Well, we have an interesting XSS in vBulletin 4.1.10 - 4.1.11 (maybe other versions).

We have XSS in a lot of places.


https://www.vbulletin.com/forum/blog.php
https://www.vbulletin.com/forum/
https://www.vbulletin.com/forum/group.php
etc..


Simple Example:

https://www.vbulletin.com/forum/group.php


Click on URL and put our xss code in the URL:


And press button Ok and button Preview Message.


We can see the XSS. It's in all places where we can use "url".

How can you use this? idk..

But I know what you can use..

Create a new topic, put our XSS in the "url" and click on Promote to Article..



or Blog this Post..


It's hard, but possible.

Simple Video PoC:




Or example on http://www.chinclub.ru/forum.php

http://www.chinclub.ru/showthread.php?p=257153

(It's a topic.) You can create another one with XSS (for example).

But we need to give another link to users or the admin .. (the Blog this Post link)


http://www.chinclub.ru/blog_post.php?do=newblog&p=257153

And here we can see our persistent xss and..hmm..

We tested this on some forums. It works.

Demo vBulletin Forum. Version 4.1.10.


https://www.vbulletin.com/admindemo.php

It works in other versions too.
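
On the defensive side, the following is an added example, not code from this post or from vBulletin, of rendering a `[url]` tag so that the user-supplied value cannot become script or break out of the `href` attribute. The post does not show the payload or vBulletin's parser, so the tag syntax, the function names `safe_href` and `render_url_tags`, and the sample posts are assumptions made for illustration.

```php
<?php
// Added example: hypothetical [url] BBCode renderer, not vBulletin's parser.
const ALLOWED_SCHEMES = ['http', 'https'];

// Returns a URL that may be placed in href, or null if it must be rejected.
function safe_href(string $raw): ?string
{
    // Strip control characters and whitespace, which browsers tolerate inside a scheme.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $raw);
    if (!is_string($url) || $url === '') {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host)) {
        return null; // relative, malformed or scheme-only values are not linked
    }
    return in_array(strtolower($scheme), ALLOWED_SCHEMES, true) ? $url : null;
}

function render_url_tags(string $post): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // Escape the whole post first so no user-supplied markup survives.
    $escaped = htmlspecialchars($post, $flags, 'UTF-8');
    $html = preg_replace_callback(
        '/\[url=(.*?)\](.*?)\[\/url\]/is',
        function (array $m) use ($flags): string {
            // $m[1] was escaped with the rest of the post; decode it before validating.
            $href = safe_href(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($href === null) {
                return $m[2]; // keep the already-escaped label, drop the link
            }
            return '<a href="' . htmlspecialchars($href, $flags, 'UTF-8')
                . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    );
    return $html ?? $escaped;
}

// Constructed sample posts: an ordinary link, a non-http scheme, a quote in the value.
$samples = [
    '[url=https://example.test/page?a=1&b=2]ordinary link[/url]',
    '[url=javascript:void(0)]non-http scheme[/url]',
    '[url=http://example.test/" data-x="1]quote in value[/url]',
];
foreach ($samples as $s) {
    echo render_url_tags($s), PHP_EOL;
}
```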




And..

Today I saw a clip by .e0f; it's about vBulletin too:

http://vimeo.com/39049790

Method is very interesting. It's not in "url".

We can see it here:

http://www.1337day.com/exploits/17824?utm_source=dlvr.it&utm_medium=twitter


vBulletin 4.1.10 XSS Vulnerability 2x from root and toor on Vimeo.

1 comment:

emi_me said...

hey look up this website for programmers...www.countcode.com, i worked by myself for 5 months to make it run...you can share and download codes, ask or answer forum questions, and you can count your code lines from your whole life of programming, sincerely Emi
