JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
BID:9888
Info
JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9888 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Mar 16 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to JeiAr <[email protected]>. |
| Vulnerable: |
Jelsoft vBulletin 3.0 .0 can4 Jelsoft vBulletin 3.0 .0 |
| Not Vulnerable: | |
Discussion
JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'forumdisplay.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.
It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'forumdisplay.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/forumdisplay.php?f=[VID]&page=[INT]&sort=lastpost&order=[XSS]
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/forumdisplay.php?f=[VID]&page=[INT]&sort=lastpost&order=[XSS]
Solution / Fix
JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability
References:
References:
- Vendor Homepage (Kyberna)
- JelSoft vBulletin Multiple XSS Vulnerabilities (JeiAr