#1
vBulletin 3.8.4 - Cross Site Script Redirection

vBulletin - Cross Site Script Redirection
Versions Affected: 3.8.4 / 3.7.6 / 3.6.12
Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1

Info:
An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user's account.

To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin. The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.

Credits: The original finder of the security hole. (Jelsoft?)
Researched & Disclosed by: MaXe (InterN0T.net)

References:
http://www.vbulletin.com/forum/showthread.php?t=319572

The Advisory Quote:

Update to the newest version of vBulletin - 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1

Conclusion
vBulletin is generally a safe and secure platform to use for large forums. This security hole / exploit is implausible to actually work against people.

Please see: http://forum.intern0t.net/blogs/maxe...scripting.html for more information!

Disclosure Information:
- Unknown date of when the vendor found the security hole.
- Vendor released patch on the 7th October 2009.
- Security hole researched and disclosed on 8th October 2009.

All of the best,
MaXe
#2
Re: vBulletin 3.8.4 - Cross Site Script Redirection
O_O shweet find! lol /pwn going around everywhere
__________________ "BackTrack is the fastest way to go from boot to remote root." - H.D. Moore
#3
Re: vBulletin 3.8.4 - Cross Site Script Redirection
so ? how to hack vbulletin?? :D
__________________ -= newbie permanent was here =- visit my blog @ http://zerofreedom.wordpress.com
#5
Re: vBulletin 3.8.4 - Cross Site Script Redirection
What can we do with XSS? Just a cookie stealer, or something else?
__________________ -= newbie permanent was here =- visit my blog @ http://zerofreedom.wordpress.com
#6
Re: vBulletin 3.8.4 - Cross Site Script Redirection
Cookie stealing and session hijacking are the most dangerous ones! But there are more, like coding an XSS worm, or making a DDoS with persistent XSS! Also there are some powerful tools like BeEF. Google it ;)
__________________ I love InterN0T