vBulletin Upload Image(XSS) - Internet Explorer only

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052944 漏洞类型
发布时间 2007-06-05 更新时间 2007-06-05
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2007060029
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Image cross site scripting in Internet Explorer ONLY!

vBulletin has a title for being known as one of the most secure forums on
the internet.
Wrong! vBulletin has had its fair share of exploits over the years. One of
which is shared among many other sites and forums.

Image Cross-Site Scripting [XSS]

PoC:

Although you may upload an image to a forum that has HTML embedded in its
headers,
you probably have noticed that vBulletin discredits such actions.
At first look, it may disappoint many to see that vBulletin does not allow
image uploads with HTML in the headers,
but when one takes a further look inside vBulletin's cleansing function,
they will notice that vBulletin only checks up to 256 bytes of data.
This means, if you were to put HTML tags in the header, past 256 bytes of
data;
the image would be dubbed legit and vBulletin would allow it's upload.

Author : Pr0T3cT10n.