Blog News: vBulletin 3.8.x - 4.1.11 Cross Site Scripting

Discussion in 'World News. Discussions.' started by Suicide, 25 Mar 2012.

  1. Suicide

    Suicide Super Moderator
    Staff Member

    Joined:
    24 Apr 2009
    Messages:
    2,482
    Likes Received:
    7,062
    Reputations:
    693
    vBulletin 3.8.x - 4.1.11 Cross Site Scripting


    # Exploit Title: vBulletin 3.8.x - 4.1.11 Cross Site Scripting
    # Date: 25.03.2012
    # Author: Sony , Flexxpoint and .e0f
    # Software Link: https://www.vbulletin.com/
    # Web Browser : Mozilla Firefox
    # Blog Flexxpoint: http://flexxpoint.blogspot.com/
    # Blog Sony: http://st2tea.blogspot.com
    # Site : http://insecurity.ro



    Well, we have an interesting xss in vBulletin 4.1.10 - 4.1.11 (maybe other versions)

    We have xss in a lot of places.

    https://www.vbulletin.com/forum/blog.php
    https://www.vbulletin.com/forum/
    https://www.vbulletin.com/forum/group.php

    etc..

    Simple Example:

    https://www.vbulletin.com/forum/group.php


    Click on URL and put our xss code in the URL:


    And press the Ok button and the Preview Message button.


    We can see xss. It's in all places, where we can use "url".

    How can you use this? idk..

    But I know what you can use..

    Create new topic, put our xss in the "url" and click on Promote to Article..


    or Blog this Post..


    It's hard, but possible.

    Simple Video PoC: http://youtu.be/endyyK1rW4k


    Or example on http://www.chinclub.ru/forum.php

    http://www.chinclub.ru/showthread.php?p=257153

    (It's a topic) You can create another with xss (for example).

    But we need to give another link to users or admin.. (the Blog this Post link)

    http://www.chinclub.ru/blog_post.php?do=newblog&p=257153

    And here we can see our persistent xss and..hmm..

    We tested this on some forums. It works.

    Demo vBulletin Forum. Version 4.1.10.

    https://www.vbulletin.com/admindemo.php

    It works in other versions too.

    p.s.

    Today I saw one clip, it's about vBulletin too:

    http://vimeo.com/39049790

    The method is very interesting. It's not in "url".

    We can see it here:

    http://www.1337day.com/exploits/17824?utm_source=dlvr.it&utm_medium=twitter

    Video



    Entry from 25.03.2012
    English (no translation needed here)
    http://st2tea.blogspot.com/2012/03/vbulletin-4110-4111-cross-site.html
    http://st2tea.blogspot.com/
     
    _________________________
    #1 Suicide, 25 Mar 2012
    Last edited: 27 Mar 2012
  2. OxoTnik

    OxoTnik Of mice

    Joined:
    10 Jun 2011
    Messages:
    943
    Likes Received:
    525
    Reputations:
    173
    Well, that's a rather easy-to-spot method somehow))
     
  3. t3cHn0iD

    t3cHn0iD Banned

    Joined:
    6 Apr 2009
    Messages:
    313
    Likes Received:
    63
    Reputations:
    66
    Hmm, was the video recorded on a computer from World War II times? Very interesting, if everything was lagging during the recording even under XP.
     
  4. b0rntek

    b0rntek Member

    Joined:
    4 Nov 2009
    Messages:
    6
    Likes Received:
    9
    Reputations:
    15
    Well.. yes, it's a difficult option. But a possible one.

    As for the computer. Well, damn, my family took my netbook and laptop. But I'm fine as it is. I'm used to old stuff. It reminds me of childhood and all sorts of things)
     
    #4 b0rntek, 25 Mar 2012
    Last edited: 26 Mar 2012
  5. Suicide

    Suicide Super Moderator
    Staff Member

    Joined:
    24 Apr 2009
    Messages:
    2,482
    Likes Received:
    7,062
    Reputations:
    693
    Yes, and the blog post itself, which is copied above, has already been updated, even in the title, and more has been added to the text +

    upd: Updated the first post, also in accordance with the author's wishes.
     
    _________________________
    #5 Suicide, 25 Mar 2012
    Last edited: 25 Mar 2012