Message-ID: <20110804141855.GA6651@foo.fgeek.fi>
Date: Thu, 4 Aug 2011 17:18:55 +0300
From: Henri Salo <henri@...v.fi>
To: full-disclosure@...ts.grok.org.uk
Cc: haroon@...e.it
Subject: Re: VBulletin adminCP Cross Site Scripting

On Wed, Aug 03, 2011 at 06:37:32PM +0600, HAroon . wrote:
> *Advisory Information*
>
> Title: vBulletin Cross Site Scripting Vulnerability
>
> Date published: 02-08-2011
>
> Vendors contacted: vBulletin team
>
>
>
> *Vulnerability Information*
>
> Class: XSS flaw
>
> Vulnerable page: Admin Login Page (admincp)
>
> Remotely Exploitable: Yes
>
> Locally Exploitable: No
>
>
>
> *Vulnerability Description*
>
> vBulletin is a community forum solution for a wide range of users,
> including industry leading companies. An XSS vulnerability has been discovered
> that could allow an attacker to carry out an action impersonating a legal user,
> or to obtain access to a user's account.
>
> This flaw allows unauthorized disclosure and modification of information,
> and it allows disruption of service.
>
>
>
> *Vulnerable versions*
>
> 4.1.3pl3, 4.1.4pl3 & 4.1.5pl1
>
>
>
> *Non-vulnerable Packages*
>
> . vBulletin prior to 4.1.3
>
> *Vendor Information, Solutions and Workarounds*
>
> The vBulletin team has released patches for this flaw; the patch was released on
> 02-08-2011. https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch
>
>
>
> *Credits*
>
> This vulnerability was discovered by Muhammad Haroon from Innovative
> Solutions KSA. OWASP Chapter Lead of Pakistan. haroon [at] live [dot] it
>
>
>
> *Proof of Concept Code*
>
> This is a Cross Site Scripting (XSS) vulnerability within the vBulletin
> community forum solution. In order to exploit this flaw, the following vector would
> be used.
>
> http://www.example.com/forums/admincp/?"><script>alert('Xss_found_By_M.Haroon')</script>
>
>
>
> *Report Timeline*
>
> 30-07-2011: Notifies the vBulletin team about the vulnerability.
> 31-07-2011: vBulletin Team asks for a technical description of the flaw
> 31-07-2011: Technical details sent to vBulletin team
> 02-08-2011: vBulletin notifies that a fix has been produced and is
> available to the users on 2nd August 2011
> 03-08-2011: Vulnerability publicly disclosed.

Did you request a CVE-ID for this issue?

Best regards,
Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
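
For defenders who want to check whether the vector quoted in the advisory above was requested against their own forum, a log check along these lines can help. This is an added example, not part of the original message or of vBulletin's code; the combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Aug/2011:10:01:12 +0000] "GET /forums/admincp/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Aug/2011:10:02:40 +0000] "GET /forums/admincp/?%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5180 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Aug/2011:10:05:03 +0000] "GET /forums/admincp/?%2522%253E%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 5175 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Aug/2011:10:06:19 +0000] "GET /forums/showthread.php?t=42&title=a%3Cb HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.15 - - [03/Aug/2011:10:07:55 +0000] "GET /forums/admincp/index.php?do=home HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Client address, then the quoted request line: method, target, protocol.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value close an attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"]')


def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def suspicious_admincp_requests(log_text):
    """Return (client_ip, decoded_query) for admincp requests whose
    query string contains HTML metacharacters after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        parts = urlsplit(m.group("target"))
        if "/admincp/" not in fully_decode(parts.path).lower():
            continue  # the advisory names only the admincp login page
        query = fully_decode(parts.query)
        if MARKUP_RE.search(query):
            hits.append((m.group("ip"), query))
    return hits


if __name__ == "__main__":
    for ip, query in suspicious_admincp_requests(SAMPLE_LOG):
        print(ip, query)
```

A hit only shows that the request was made; whether the response reflected it unescaped depends on whether the vendor patch linked in the advisory was applied at the time.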