vbullXSS.txt

2005-11-30T00:00:00
ID PACKETSTORM:41950
Type packetstorm
Reporter [N] Shell
Modified 2005-11-30T00:00:00

Description

                                        
                                            `re, submissions[at]packetstormsecurity.org.  
http://nshell.h15.ru/advisory's/vBulletin%203.5.1xss.txt  
=========================================================  
= [N] Shell : advizory =  
=========================================================  
  
PRODUCT: vBulletin 3.5.1  
  
DESCRIPTION:  
  
vBulletin is a powerful, scalable and fully  
customizable forums package for your web site.  
It has been written using the Web's  
quickest-growing scripting language; PHP, and  
is complemented with a highly efficient and  
ultra fast back-end database engine built  
using MySQL.  
http://vbulletin.net.ru/files/index.php?dlid=261  
VULN:  
The homepage parameter in usec control panel is not  
filtered correctly and u may attack using XSS.  
Xpl:  
http://whitehats.org"<script>[any code]</script><a href="fuckru.net  
  
[N] Shell http://nshell.h15.ru  
[NicatiN] 2005  
  
--   
wbr,  
[N] mailto:n_shell@mail.ru  
`