| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070206201626.14226.qmail@securityfocus.com> Date: 6 Feb 2007 20:16:26 -0000 From: DoZ@...kersCenter.com To: bugtraq@...urityfocus.com Subject: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks. Hackers Center Security Group (http://www.hackerscenter.com) Credit: Doz Remote: No Local: Yes Class: Input Validation Error Vendor: http://www.vbulletin.com/ Vulnerable:: Admin Control Panel (vBulletin 3.6.4 ) Attackers can exploit these issues via a web client. These Fucntions on Index.php Contail XSS. - User Group Manager - User Rank Manager - User Title Manager - BB Code Manager - Attachment Manager - Calendar Manager - Forums & Moderators Pictures: http://rapidshare.com/files/15246918/vb-xss.rar.html Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
Powered by blists - more mailing lists