Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: bt-30004.htm

Vbulletin - Two-Step External Link XSS



Vbulletin - Two-Step External Link XSS
Vbulletin - Two-Step External Link XSS



###############################################=0D
# Vendor: vBulletin=0D
# Affected versions: 3.7.x - 3.8.x=0D
# Mod: Two-Step External Link=0D
# URL: http://www.vbulletin.org/forum/showthread.php?t=217708=0D 
# Vulnerability type: XSS=0D
# Risk rating: Medium=0D
###############################################=0D
# [Exploit]=0D
# http://[FORUM]/externalredirect.php?url=XSS=0D 
###############################################=0D
# [Bug]=0D
# File: externalredirect.php (line 35)=0D
# Code: $url = $vbulletin->GPC['url'];=0D
###############################################=0D
# [Solution]=0D
# $url = htmlentities($vbulletin->GPC['url']);=0D
###############################################=0D
# [Credits]=0D
# Edgard Chammas [454447415244]=0D
# edgard.chammas@beyond-security.org=0D 
###############################################


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH