A cross-site scripting (XSS) vulnerability in the Admin.



    [URL redacted for security reasons]

    A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login URL parameter.

    I have a test version to test this, any pointers?
    Last edited by glennrocksvb; 02-09-2025, 10:15 PM.

    #2
    vbuser, thanks for posting this alleged vulnerability. I recommend reporting this to vBulletin.

    But I noticed that the report was published in 2023. I'm not sure if this issue is still valid in vB 6.1.0 (the report said the issue affects 6.0.0). vBulletin should be informed (if not already) so they can officially confirm this alleged vulnerability.
    Last edited by glennrocksvb; 02-09-2025, 10:20 PM.


      #3
      Yeah, I am aware of it. I am looking to pen test at my local host for learning, any pointers?



        #4
        Sorry, due to the nature of your request, I must respectfully decline to provide specific guidance on how to test the reported vulnerability. I haven't looked into it myself but even if I did, I won't be able to help for ethical and legal reasons.


          #5
          No issues, I just wanna know how it works. Who runs vBulletin when you have XenForo? nvm
