Last active February 24, 2024 22:29
[POC] [CVE-2023-39777]
I have discovered a Cross-Site Scripting (XSS) vulnerability in the latest vBulletin version, 6.0.0, which also impacts lower versions. The vulnerability allows an attacker to inject malicious scripts into the Admin Control Panel, potentially leading to unauthorized access, data theft, or further exploitation.
The XSS vulnerability can be triggered when an authenticated user accesses the path `/admincp` and tries to log in to the Admin Control Panel. The vulnerability is due to inadequate input sanitization, allowing an attacker to inject malicious scripts that execute in the context of the targeted administrator's session and can be used to hijack the admin's credentials.
[Steps to Reproduce]
1. Log in at /admincp to the vBulletin Admin Control Panel.
2. Through the 'url' parameter, it is possible to inject JS code that escapes, bypasses whitespace, and then triggers XSS.
[Malicious Payload]
Save the changes or perform a relevant action to trigger the execution of the injected script.
The malicious script executes, proving the existence of the XSS vulnerability.
[Affected Versions]
The vulnerability has been confirmed in vBulletin 6 Connect latest version 6.0.0. However, it is likely that the XSS issue also affects lower versions of the software.
An attacker exploiting this vulnerability could gain unauthorized access to the Admin Control Panel and potentially compromise the site's sensitive data, modify site content, and carry out other malicious actions using the administrator's privileges.
[*] I recommend the following steps to mitigate the XSS vulnerability:
1. Update the vBulletin software to the latest version (if available) to ensure the fix for this vulnerability is applied.
2. Implement proper input validation and output encoding to prevent XSS attacks in various sections of the Admin Control Panel.
3. Conduct a comprehensive security review to identify and address other potential security flaws in the software.
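As an added illustration of mitigation step 2 (this is example code written here, not vBulletin's own code or its actual fix), the snippet below shows how a reflected `url` parameter used as a post-login redirect target can be restricted to a relative path under the admin area and then attribute-encoded before being written back into the login form. The helper names, the allowed path pattern and the form fragment are assumptions; the sample inputs are constructed.

```php
<?php
// Added example, not vBulletin code: validate and encode a "url" parameter
// that is reflected into the admin login page as a post-login redirect target.

// Accept only a relative path under the admin area. The hypothetical
// allow-list rejects schemes, protocol-relative "//" targets, quotes,
// whitespace and control characters, so nothing can break out of the
// attribute context the value is later written into.
function safe_local_redirect(string $url, string $fallback = '/admincp/index.php'): string
{
    if ($url === '' || strlen($url) > 2048) {
        return $fallback;
    }
    // Control characters and whitespace (tab, newline, space) are never valid here.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return $fallback;
    }
    // Must start with the admin prefix and contain only a conservative character set.
    if (!preg_match('#^/admincp/[A-Za-z0-9_./?=&-]*$#', $url)) {
        return $fallback;
    }
    // Defense in depth: no path traversal or doubled slashes inside the path.
    if (strpos($url, '..') !== false || strpos($url, '//') !== false) {
        return $fallback;
    }
    return $url;
}

// Context-aware output encoding for an HTML attribute value. ENT_QUOTES
// covers both quote styles so a value cannot terminate the attribute early.
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render the hidden field with a validated and encoded target (form markup is assumed).
function render_login_form(string $requested_url): string
{
    $target = safe_local_redirect($requested_url);
    return '<form method="post" action="/admincp/index.php">'
         . '<input type="hidden" name="url" value="' . encode_attr($target) . '">'
         . '<input type="submit" value="Log in">'
         . '</form>';
}

// Constructed sample inputs: one benign value and several that must fall back.
$samples = [
    '/admincp/index.php?do=home',  // benign relative path, kept as-is
    '/admincp/"x',                 // quote that would close the attribute, rejected
    "/admincp/\tindex.php",        // embedded whitespace, rejected
    '//other.example/',            // protocol-relative external target, rejected
    'https://other.example/',      // absolute URL, rejected
];
foreach ($samples as $s) {
    echo str_replace("\t", '\\t', $s), ' => ', safe_local_redirect($s), "\n";
}
echo render_login_form($samples[1]), "\n";
```

Validation happens first so the hidden field only ever carries a value from the allowed set, and encoding happens second so that even a value that slipped through validation could not change the HTML structure; both layers are needed because either one alone can be bypassed by a mistake in the other.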
# Shout out to [TP Cyber Security]
oh, man! this dude is incredible

This is very good

Was the url reflected? I don't see it reflected anymore after sending the request. BTW, not working for me on 5.7.5