Tuesday, December 24, 2013

Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO

Posted by Yogesh Jaygadkar  
11:07 AM

Exploit Title: Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO.
Found By:  Yogesh Jaygadkar | http://www.jaygadkar.com/
Tested versions: vBSEO 3.2.0 & vBSEO 3.6.0
Tested with: vBulletin 4.0.6 & vBulletin 4.2.1
Vulnerable POST Parameter:  sendtrackbacks

The vBSEO plugin for vBulletin contains a flaw that allows a stored cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'sendtrackbacks' parameter when it is submitted to the /forum/newreply.php and /forum/newthread.php scripts. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.


http://www.VictimVBForum.com/forum/newreply.php?do=postreply&t=[Thread ID]

On the Advanced Reply or New Thread page, put your ">vector in the "Trackback" field.

Submit the reply. (You can also test it by clicking the Preview Post button.)

Done  ;)
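A sketch of how the unvalidated `sendtrackbacks` parameter described above can be handled, added here as an example and not part of the original advisory or of vBSEO's or vBulletin's code. The helper names are hypothetical, and it assumes the field carries whitespace-separated trackback URLs: input is validated as http(s) URLs before storage, and the value is HTML-encoded whenever it is written back into a page.

```php
<?php
// Added example: hypothetical helpers, not vBSEO or vBulletin code.
// Assumption: the trackback field carries whitespace-separated URLs.

/** Keep only well-formed http(s) URLs from the submitted field. */
function clean_trackback_urls(string $raw, int $max = 10): array
{
    $accepted = [];
    $parts = preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($parts as $candidate) {
        // Drop oversized entries and anything with markup or control characters.
        if (strlen($candidate) > 2048
            || preg_match('/[<>"\'`\x00-\x1f\x7f]/', $candidate)) {
            continue;
        }
        if (filter_var($candidate, FILTER_VALIDATE_URL) === false) {
            continue;
        }
        // FILTER_VALIDATE_URL accepts other schemes, so pin to http/https.
        $scheme = strtolower((string) parse_url($candidate, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            continue;
        }
        $accepted[] = $candidate;
        if (count($accepted) >= $max) {
            break;
        }
    }
    return $accepted;
}

/** Encode on output, so a value stored before the fix is still inert. */
function render_trackback_field(array $urls): string
{
    $value = htmlspecialchars(implode(' ', $urls), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="sendtrackbacks" value="' . $value . '" />';
}

// Constructed sample input: one valid URL plus a harmless markup fragment.
$submitted = 'http://example.org/trackback/1 "><b>constructed</b>';
$clean = clean_trackback_urls($submitted);
var_dump($clean);
echo render_trackback_field($clean), "\n";
// Output encoding alone, applied to the raw value (preview path):
echo render_trackback_field([$submitted]), "\n";
```

Both layers matter here because the page notes the value is reflected on Preview Post as well as stored on submit; encoding at render time covers entries that were saved before any input validation existed.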


PayPal : User Credit Card Information Disclosure

Posted by Yogesh  
10:21 AM

Okay... So, here is another old & duplicate bug from PayPal, which I reported looooong back.

I have found some strange results for api-3t.sandbox.paypal.com. This subdomain is storing all credit card information of PayPal users in the URL. Below is the Google dork for finding such “stored” CC details.

Google Dork: site:sandbox.paypal.com inurl:CVV2=

The Google results are not many, nearly 80, but still harmful, as sensitive user information is getting leaked.


What they say
