"Locale problems" in both the 32-bit & 64-bit versions of Debian 8 droplets
Create a new Debian 8 droplet and login as root
:
[Summary] | |
I have discovered a Cross-Site Scripting (XSS) vulnerability in vBulletin latest version 6.0.0, which also impacts lower versions. The vulnerability allows an attacker to inject malicious scripts into the Admin Control Panel, potentially leading to unauthorized access, data theft, or further exploitation. | |
[Description] | |
The XSS vulnerability can be triggered when an authenticated user accesses to path `/admincp` and try to login to the Admin Control Panel. The vulnerability is due to inadequate input sanitization, allowing an attacker to inject malicious scripts that will execute in the context of the targeted administrator's session so as to hijack admin's credential. | |
[Steps to Reproduce] | |
1. Log in /admincp in vBulletin Admin Control Panel. | |
2. Through the 'url' parameter, it is possible to inject JS code to escape, bypass white space then trigger XSS. |