lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <SNT137-W4CFA6EE6649B590BA2DD3CA3A0@phx.gbl>
Date: Wed, 3 Aug 2011 18:37:32 +0600
From: "HAroon ." <haroon@...e.it>
To: <full-disclosure@...ts.grok.org.uk>
Subject: VBulletin adminCP Cross Site Scripting




*Advisory Information*

Title: vBulletin Cross Site Scripting Vulnerability

Date published: 02-08-2011

Vendors contacted: vBulletin team

 

*Vulnerability Information*

Class: XSS flaw

Vulnerable page: Admin Login Page (admincp)

Remotely Exploitable: Yes

Locally Exploitable: No

 

*Vulnerability Description*

vBulletin is a community forum solution for a wide range of users,
including industry leading companies. A XSS vulnerability has been discovered
that could allow an attacker to carry out an action impersonating a legal user,
or to obtain access to a user's account.

This flaw allows unauthorized disclosure and modification of information,
and it allows disruption of service.

 

*Vulnerable versions*

4.1.3pl3, 4.1.4pl3 & 4.1.5pl1

 

*Non-vulnerable Packages*

. vBulletin prior to 4.1.3

*Vendor Information, Solutions and Workarounds*

vBulletin team has released patches for this flaw and patch is released on
02-08-2011. https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch

 

*Credits*

This vulnerability was discovered by Muhammad Haroon from Innovative
Solutions KSA. OWASP Chapter Lead of Pakistan. haroon [at] live [dot] it

 

*Proof of Concept Code*

This is a Cross Site Scripting (XSS) vulnerability within vBulletin
community forum solution. In order to exploit this flaw following vector would
be used.

 http://www.example.com/forums/admincp/?"><script>alert('Xss_found_By_M.Haroon')</script>

 

*Report Timeline*

30-07-2011: Notifies the vBulletin team about the vulnerability.

31-07-2011: vBulletin Team ask for technical description about the flaw

31-07-2011: Technical Details sent to vbulletin team

02-08-2011: vBulletin notifies that a fix has been produced and is
available to the users on 2nd August 2011

03-08-2011: Vulnerability publicly disclosed.

 		 	   		  
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ