vBulletin adminCP Cross-Site Scripting

2010-01-11T00:00:00
ID SSV:18924
Type seebug
Reporter Root
Modified 2010-01-11T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ############################################################################
 
.::vBulletin adminCP Cross-Site Scripting ::.
 
# Exploit Title: vBulletin adminCP Cross-Site Scripting
# Date: 2009
# Author: Ashiyane Digital Security Members (Cair3x)
# Software Link: http://www.vbulletin.com/
# Version: 3.8.4 and all Version
# Tested on: vBulletin 3.8.4
# CVE :
# Code :
 
 
-::Forum Manager => Add New Forum ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/forum.php?do=add )
 
Add a new title . use the following code as title name :
 
.:: ::. Or Any Other Xss Code .
 
 
-::Calendar Manager => Add New Calendar ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/admincalendar.php?do=add )
 
Add a new title . use the following code as title name :
 
.:: ::. Or Any Other Xss Code .
 
 
-::Usergroup Manager => Add New Usergroup ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/usergroup.php?do=add )
 
Add a new title . use the following code as title name :
 
.:: ::. Or Any Other Xss Code .
 
 
-::User Rank Manager => Rank Type ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/ranks.php?do=add )
 
use the following code as (OR you may enter text HTML is allowed) Text .
 
.:: ::. Or Any Other Xss Code .
 
 
-::BB Code Manager => Add New BB Code ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/bbcode.php?do=add )
 
Complete All Required Fields And Enter Javascript Code in Title :
 
.:: ::. Or Any Other Xss Code .
 
 
-::Scheduled Task Manager => Add New Scheduled Task ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/cronadmin.php?do=edit )
 
Complete All Required Fields And Enter Javascript Code in Title :
 
.:: ::. Or Any Other Xss Code .
 
 
 
-::FAQ Manager => Add New FAQ Item ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/faq.php?do=add )
 
Add a new title . use the following code as title name :
 
.:: ::. Or Any Other Xss Code .
 
 
 
-::Style Manager => Add New Style ::-
 
Exploit :
 
Go To ( http://127.0.0.1/vb/admincp/template.php?do=addstyle )
 
Add a new title . use the following code as title name :
 
.:: ::. Or Any Other Xss Code .
 
All of the best
 
* Cair3x From Ashiyane Digital Security Members : (WwW.Ashiyane.org/forums/)