| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 20 Jun 2007 13:37:48 -0000 From: stormhacker@...mail.com To: bugtraq@...urityfocus.com Subject: New Include Redirect Bug XSS All vBulletin v 3.x.x +-------------------------------------------------------------------- + + New Include Redirect Bug XSS All vBulletin® v 3.x.x + +-------------------------------------------------------------------- + vendor site........: http://www.vbulletin.com/ + Affected Software .: vbulletin + Class .............: XSS + Risk ..............: Low + Found by ..........: rUnViRuS + Original advisory .: http://www.sec-area.com/ + Contact ...........: stormhacker[at]hotmail[.]com + +-------------------------------------------------------------------- New Include Redirect Bug XSS All vBulletin v 3.x.x This injections would allow an attacker to Include Redirect Admin to a page of his choice, effectively Xss the page and steal cookie : xss permanent ( must be Upload any File on Site Have Xss code ) PoC : <script>alert(document.cookie)</script>. to be used with cookie stealer following is a simple attack :- http://localhost/vb/admincp/index.php?loc=../../../nez.txt When opened url Will stealing cookies +-------------------------------------------------------------------- + [W]orld [D]efacers [T]eam + Greets: + || rUnViRuS || - || Provide || - || HeX || - || dEv!L RoOT || + || BlackWHITE || - || dOcnok || - || A.tar0uDant.D || + || Pro Hacker || - || DARKFIRE || - || papipsycho || + Sp.Thanx To : Sec-Area.com Member's +-------------------------[ W D T ]----------------------------------
Powered by blists - more mailing lists