vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
BID:38895
Info
vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
| Bugtraq ID: | 38895 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2010 12:00AM |
| Updated: | Mar 19 2010 12:00AM |
| Credit: | 5ubzer0 |
| Vulnerable: |
VBulletin VBulletin 4.0.2 |
| Not Vulnerable: |
VBulletin VBulletin 4.0.2 PL 2 |
Discussion
vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
vBulletin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions.
vBulletin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions.
Exploit / POC
vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
http://www.example.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script>
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
http://www.example.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script>
Solution / Fix
vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
Solution:
The vendor released version 4.0.2 PL 2 to address this issue. Please see the references for more information.
Solution:
The vendor released version 4.0.2 PL 2 to address this issue. Please see the references for more information.
References
vBulletin 4.0.2 Search Cross Site Scripting Vulnerability
References:
References:
- vBulletin Homepage (vBulletin)
- Security Fix Releases 3.7.7 and 4.0.2 PL 2 (vBulletin)