How I hijacked users' usernames and passwords by posting an image link in vBulletin and MyBB

Vulnerability details:

I have posted an image link from my web site. The image link that I have posted is protected by basic authentication. I am authenticated to the protected image folder that I am going to post, which means I can post the link and it will load from the forum for me, because I am authenticated to the protected file but others are not.

This is the point: when a vBulletin-based forum tries to load my posted image for users who are trying to read my post, a login message box prompts them, requiring them to log in again with their username and password, and when they fill in the prompted message box with their username and password, I was able to hijack their username and password.

Check out the attached image.

Cheers,
coolkaveh
Attachment:
aut.jpg
Description: JPEG image
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
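
A defensive check for the behaviour described in the post, as an added example that is not part of the original message and not vBulletin or MyBB code: it flags off-site [img] URLs whose host answers with a 401 challenge, and shows what an image proxy should pass on to readers. The probe callback, function names, hosts and sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def image_urls(post_body):
    """URLs found inside [img]...[/img] BBCode tags."""
    return [u.strip() for u in IMG_TAG.findall(post_body)]

def header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), "")

def is_auth_challenge(status, headers):
    """True when a browser would answer this response with a login prompt."""
    return status == 401 and header(headers, "www-authenticate") != ""

def review_post(post_body, forum_host, probe):
    """Return (url, reason) for each embedded image that should be blocked.

    probe(url) -> (status, headers) is a hypothetical caller-supplied helper,
    so the check can be exercised without network access.
    """
    findings = []
    for url in image_urls(post_body):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append((url, "not an http(s) URL"))
        elif parts.hostname.lower() == forum_host.lower():
            continue  # served by the forum itself
        elif is_auth_challenge(*probe(url)):
            findings.append((url, "remote host sends an authentication challenge"))
    return findings

def sanitize_proxied(status, headers):
    """What an image proxy forwards: only images, never a challenge."""
    ctype = header(headers, "content-type")
    if status != 200 or not ctype.lower().startswith("image/"):
        return 404, {}
    return 200, {"Content-Type": ctype}

# Constructed sample data: hosts, paths and responses are made up.
SAMPLE_RESPONSES = {
    "http://images.example.net/cat.jpg": (200, {"Content-Type": "image/jpeg"}),
    "http://files.example.org/protected/pic.jpg":
        (401, {"WWW-Authenticate": 'Basic realm="forum login"'}),
}
SAMPLE_POST = ("Look: [img]http://images.example.net/cat.jpg[/img] and "
               "[IMG]http://files.example.org/protected/pic.jpg[/IMG]")
```

A check at posting time alone is not sufficient, because the remote host can start sending the challenge later; fetching remote images through a proxy that applies sanitize_proxied to every response closes that gap.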