Tuesday, December 24, 2013

Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO

Posted by Yogesh Jaygadkar  
Tagged as:
11:07 AM

Exploit Title: Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO.
Found By:  Yogesh Jaygadkar | http://www.jaygadkar.com/
Tested versions: vBSEO 3.2.0 & vBSEO 3.6.0
Tested with: vBulletin 4.0.6 & vBulletin 4.2.1
Vulnerable POST Parameter:  sendtrackbacks

vBSEO Plugin for vBulletin contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sendtrackbacks' parameter upon submission to the /forum/newreply.php & /forum/newthread.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

POC:

http://www.VictimVBForum.com/forum/newreply.php?do=postreply&t=[Thread ID]
http://www.VictimVBForum.com/forum/newthread.php?do=newthread&f=

In Advanced Reply Or New Thread page, Put your ">vector in "Trackback"
Options.

Submit the Reply. (You can also test it by clicking Preview Post button)

 
Done  ;)

About the Author

Write admin description here..

0 comments:

What they says

Proudly Powered by Blogger.
back to top