Re: [Full-disclosure] VBulletin adminCP Cross Site Scripting

2011-08-04 Thread Henri Salo
On Wed, Aug 03, 2011 at 06:37:32PM +0600, HAroon . wrote:
 *Advisory Information*
 
 Title: vBulletin Cross Site Scripting Vulnerability
 
 Date published: 02-08-2011
 
 Vendors contacted: vBulletin team
 
  
 
 *Vulnerability Information*
 
 Class: XSS flaw
 
 Vulnerable page: Admin Login Page (admincp)
 
 Remotely Exploitable: Yes
 
 Locally Exploitable: No
 
  
 
 *Vulnerability Description*
 
 vBulletin is a community forum solution for a wide range of users,
 including industry leading companies. An XSS vulnerability has been discovered
 that could allow an attacker to carry out an action impersonating a legal user,
 or to obtain access to a user's account.
 
 This flaw allows unauthorized disclosure and modification of information,
 and it allows disruption of service.
 
  
 
 *Vulnerable versions*
 
 4.1.3pl3, 4.1.4pl3, 4.1.5pl1
 
  
 
 *Non-vulnerable Packages*
 
 . vBulletin prior to 4.1.3
 
 *Vendor Information, Solutions and Workarounds*
 
 The vBulletin team has released patches for this flaw; the patch was released on
 02-08-2011.
 https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch
 
  
 
 *Credits*
 
 This vulnerability was discovered by Muhammad Haroon from Innovative
 Solutions KSA. OWASP Chapter Lead of Pakistan. haroon [at] live [dot] it
 
  
 
 *Proof of Concept Code*
 
 This is a Cross Site Scripting (XSS) vulnerability within the vBulletin
 community forum solution. In order to exploit this flaw, the following vector would
 be used.
 
  
 http://www.example.com/forums/admincp/?;scriptalert('Xss_found_By_M.Haroon')/script
 
  
 
 *Report Timeline*
 
 30-07-2011: Notifies the vBulletin team about the vulnerability.
 31-07-2011: vBulletin Team asks for a technical description of the flaw
 31-07-2011: Technical Details sent to vbulletin team
 02-08-2011: vBulletin notifies that a fix has been produced and is
 available to the users on 2nd August 2011
 03-08-2011: Vulnerability publicly disclosed.

Did you request CVE-ID for this issue?

Best regards,
Henri Salo

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] VBulletin adminCP Cross Site Scripting

2011-08-03 Thread HAroon .



*Advisory Information*

Title: vBulletin Cross Site Scripting Vulnerability

Date published: 02-08-2011

Vendors contacted: vBulletin team

 

*Vulnerability Information*

Class: XSS flaw

Vulnerable page: Admin Login Page (admincp)

Remotely Exploitable: Yes

Locally Exploitable: No

 

*Vulnerability Description*

vBulletin is a community forum solution for a wide range of users,
including industry leading companies. An XSS vulnerability has been discovered
that could allow an attacker to carry out an action impersonating a legal user,
or to obtain access to a user's account.

This flaw allows unauthorized disclosure and modification of information,
and it allows disruption of service.

 

*Vulnerable versions*

4.1.3pl3, 4.1.4pl3, 4.1.5pl1

 

*Non-vulnerable Packages*

. vBulletin prior to 4.1.3

*Vendor Information, Solutions and Workarounds*

The vBulletin team has released patches for this flaw; the patch was released on
02-08-2011.
https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch

 

*Credits*

This vulnerability was discovered by Muhammad Haroon from Innovative
Solutions KSA. OWASP Chapter Lead of Pakistan. haroon [at] live [dot] it

 

*Proof of Concept Code*

This is a Cross Site Scripting (XSS) vulnerability within the vBulletin
community forum solution. In order to exploit this flaw, the following vector would
be used.

 
http://www.example.com/forums/admincp/?;scriptalert('Xss_found_By_M.Haroon')/script

 

*Report Timeline*

30-07-2011: Notifies the vBulletin team about the vulnerability.

31-07-2011: vBulletin Team asks for a technical description of the flaw

31-07-2011: Technical Details sent to vbulletin team

02-08-2011: vBulletin notifies that a fix has been produced and is
available to the users on 2nd August 2011

03-08-2011: Vulnerability publicly disclosed.
