[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
- From: DoZ@xxxxxxxxxxxxxxxxx
- Date: 6 Feb 2007 20:16:26 -0000
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
vBulletin is prone to multiple cross-site scripting vulnerabilities because it
fails to sufficiently sanitize user-supplied input data.
An attacker could exploit this vulnerability to have arbitrary script code
execute in the context of the affected site. This may allow an attacker to
steal cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: No
Local: Yes
Class: Input Validation Error
Vendor: http://www.vbulletin.com/
Vulnerable:: Admin Control Panel (vBulletin 3.6.4 )
Attackers can exploit these issues via a web client.
These Fucntions on Index.php Contail XSS.
- User Group Manager
- User Rank Manager
- User Title Manager
- BB Code Manager
- Attachment Manager
- Calendar Manager
- Forums & Moderators
Pictures: http://rapidshare.com/files/15246918/vb-xss.rar.html
Security researcher? Join us: mail Zinho at zinho at hackerscenter.com