0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Vanilla Forums 2.0.18.4 Tagging Stored XSS
[# Title: Vanilla Tagging Stored XSS
# Date: 1/6/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4
# http://vanillaforums.org/download
Create a new thread and post your XSS as tag. I used
<script>alert('xss')</script>
You will have to use a proxy / manipulate the form to bypass the max-length on the form.
Once you have posted the thread, send an administrator or moderator to
http://server/index.php?p=/vanilla/post/editdiscussion/7
Where 7 is the thread ID of the thread you just made. The XSS will then trigger.
You can even use a URL shortener to send the link.
Note: The URL may be different depending on what category your thread is in.
#############################################################
# 0day.today [2024-11-15] #