[ خبـر ] : ثغرة جديده في هاك vBulletin Radio and TV Player
السلام عليكم
تم وجود ثغرت جديده في نسخة من هاك
vBulletin Radio and TV Player
نرجوا ان تجدوا لنا ترقيع
هذا هو الدليل
رمز Code:
vBulletin Radio and TV Player Add-On (all version) - XSS , Iframe injection and Redirect Vulnerability
About:-
Radio and TV Add-on will add a radio and TV library to your forum.
Features:-
- Users can add / delete / edit own stations
For more info about this plugin See - http://www.vbulletin.org/forum/showthread.php?t=152037&page=2
Note:-
- To exploit this Bug need to be registred!and after you are registered you can add new radio station
where name station can be ">
and URL ">
Poc: XSS
http://www.musicadigitale.net/forum/radioandtv.php?station=92
Poc: Iframe
http://www.musicadigitale.net/forum/radioandtv.php?station=93
Poc: Redirect
http://www.musicadigitale.net/forum/radioandtv.php?station=94
dorks:- inurl:radioandtv.php
Bug founded by d3v1l [Avram Marius]
Date: 14.06.2009
# milw0rm.com [2009-06-15]
http://milw0rm.org/exploits/8965
وشكرااااا
تحياتي فريق الشركة العربية للحماية
تم وجود ثغرت جديده في نسخة من هاك
vBulletin Radio and TV Player
نرجوا ان تجدوا لنا ترقيع
هذا هو الدليل
رمز Code:
vBulletin Radio and TV Player Add-On (all version) - XSS , Iframe injection and Redirect Vulnerability
About:-
Radio and TV Add-on will add a radio and TV library to your forum.
Features:-
- Users can add / delete / edit own stations
For more info about this plugin See - http://www.vbulletin.org/forum/showthread.php?t=152037&page=2
Note:-
- To exploit this Bug need to be registred!and after you are registered you can add new radio station
where name station can be ">
and URL ">
Poc: XSS
http://www.musicadigitale.net/forum/radioandtv.php?station=92
Poc: Iframe
http://www.musicadigitale.net/forum/radioandtv.php?station=93
Poc: Redirect
http://www.musicadigitale.net/forum/radioandtv.php?station=94
dorks:- inurl:radioandtv.php
Bug founded by d3v1l [Avram Marius]
Date: 14.06.2009
# milw0rm.com [2009-06-15]
http://milw0rm.org/exploits/8965
وشكرااااا
تحياتي فريق الشركة العربية للحماية
اسم الموضوع : [ خبـر ] : ثغرة جديده في هاك vBulletin Radio and TV Player
|
المصدر : قســم تطويــر المــــواقع