0day.today - Dunyanin En Buyuk Exploit Veritabani

Dilinizi secin:

Bu konuda bilmeniz gerekenler:

Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK

Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte.

We accept currencies: [contact admin to find more]

Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.

Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

Zaten 0day.today'a kayitli bir kullaniciyim. Bu ekrani bir daha gormek istemiyorum.

Ilk ne yapmali?

Oku [ anlasma ]
Oku [ Gonder ] kurallar
Ziyaret et [ SSS ] page
[ Uye Ol ] profil
[ FIYAT ]
Eger istiyorsaniz [ satmak ]
Eger istiyorsaniz [ almak ]
Eger kaybederseniz [ Hesap ]
Herhangi bir sorunuz [ [email protected] ]

Ana linkler

Bize ulasabilirsiniz

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ Yenileme ]

Bize ulasabilirsiniz:

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

vBulletin 5.6.3 Admin CP Multiple Persistent Cross-Site Scripting Vulnerabilities

[ 0Day-ID-34893 ]

Full Baslik

vBulletin 5.6.3 Admin CP Multiple Persistent Cross-Site Scripting Vulnerabilities [ Highlight ]

Highlight - is paid service, that can help to get more visitors to your material.

Price:

Eklenme Tarihi

02-09-2020

Kategori

web applications

Platform

php

Dogrulanma

Fiyat

Ucretsiz

Risk

[

Security Risk High

]

Rel. releases

Usage info

# Exploit Title: vBulletin 5.6.3 Multiple Persistent Cross-Site
Scripting Vulnerabilities
# Date: 02.09.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.vbulletin.com/en/vb5-trial/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox,Opera.
# Blog : https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
# Google Dorks: "Powered by vBulletin® Version 5.6.3"

1.

Click on "User Profile Fields" and choose "User Profile Field Manager"
in the menu. Choose "Occupation" and click on "Edit". Put simple xss
code in the "Title" and "Description" :

""><script>alert("xss")</script>

And save this. Click "Edit" and open:

https://8289cfe4157f-041544.demo.vbulletin.net/admincp/profilefield.php?do=edit&profilefieldid=4

And we can see stored xss in "User Profile Field Manager".

Picture:

https://imgur.com/a/CebQFuT

Satici

https://www.vbulletin.com/en/vb5-trial/

Etkilenenler

5.6.3

Test edildi

Windows 10 Mozilla Firefox and Opera

Etiketler

vbulletin xss

Prooves Information

Video proof

Other Information

Abuses

Yorumlar

Goruntulemeler

2 443

We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!

Ucretsiz

Open Exploit
You can open this source code for free

Open Exploit

Open Exploit
You can open this source code for free

Verified by

Verified by
This material is checked by Administration and absolutely workable.

Yazar

vincent666winnie

Exploit

Okuyucular

[ Yorumlar: 0 ]

Users are forbidden to exchange personal contact details
Haggle on other sites\projects is forbidden
Reselling is forbidden

Punishment: permanent block of user account with all Gold.

Yorum yazabilmek icin giris yapin ve ya uye olun

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

vBulletin 5.6.3 Admin CP Multiple Persistent Cross-Site Scripting Vulnerabilities

Report Error

Report Error