JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 9943 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2004 12:00AM |
| Updated: | Mar 22 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to JeiAr <[email protected]>. |
| Vulnerable: | Jelsoft vBulletin 3.0 .0 can4; Jelsoft vBulletin 3.0 .0; Jelsoft vBulletin 2.3.4; Jelsoft vBulletin 2.3.3; Jelsoft vBulletin 2.3; Jelsoft vBulletin 2.2.9 can; Jelsoft vBulletin 2.2.8; Jelsoft vBulletin 2.2.7; Jelsoft vBulletin 2.2.6; Jelsoft vBulletin 2.2.5; Jelsoft vBulletin 2.2.4; Jelsoft vBulletin 2.2.3; Jelsoft vBulletin 2.2.2; Jelsoft vBulletin 2.2.1; Jelsoft vBulletin 2.2 .0; Jelsoft vBulletin 2.0.2; Jelsoft vBulletin 2.0.1; Jelsoft vBulletin 2.0 beta 3; Jelsoft vBulletin 2.0 beta 2; Jelsoft vBulletin 2.0 |
| Not Vulnerable: | |
Discussion
It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'index.php' script in both the 'admincp' and 'modcp' application directories. The issue is reportedly due to a failure to sanitize user input, which allows injection of HTML and script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
An exploit is not required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/admincp/index.php?vb_login_username=[XSS]
http://www.example.com/modcp/index.php?vb_login_username=[XSS]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
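With no vendor patch listed, one interim check is to review web server access logs for requests to the two affected scripts whose 'vb_login_username' value decodes to markup characters. The following is an added example, not part of the original advisory or of vBulletin; the combined log format, the flagged character set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Scripts and parameter named in the advisory's proof of concept.
AFFECTED_PATHS = ("/admincp/index.php", "/modcp/index.php")
PARAM = "vb_login_username"
# Assumption: a login name never needs these characters, so they merit review.
MARKUP = re.compile(r"[<>\"'`]")
# Client address and request target of a combined-format log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested URL encoding (e.g. %253C) so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, path, decoded_value) for flagged hits on the affected scripts."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # endswith() also covers installs below a subdirectory such as /forum/.
        if not url.path.lower().endswith(AFFECTED_PATHS):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((client, url.path, value))
    return hits

SAMPLE_LOG = [  # constructed lines, harmless markup only
    '203.0.113.7 - - [22/Mar/2004:10:00:01 +0000] "GET /admincp/index.php?vb_login_username=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Mar/2004:10:00:05 +0000] "GET /forum/modcp/index.php?vb_login_username=%253Ci%253Ey HTTP/1.1" 200 5098',
    '198.51.100.4 - - [22/Mar/2004:10:01:00 +0000] "GET /modcp/index.php?vb_login_username=alice HTTP/1.1" 200 4990',
    '198.51.100.9 - - [22/Mar/2004:10:02:00 +0000] "GET /index.php?vb_login_username=%3Cb%3E HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value submitted in a POST body will not appear in this review.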
References
References:
- vBulletin Homepage (vBulletin)