OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
XSS in Vbulletin 3.6.0 in IE 0nly

Stefandakotacom.net
Date: Thu Aug 03 2006 - 17:44:55 CDT


---------------------------------
XSS in Vbulletin 3.6.0 in IE 0nly
---------------------------------
Author: Stefan
Email: stefandakotacom.net
Group: EnigmaGroup
---------------------------------
Vulnerable: vbulletin 3.5.4 in IE
Vulnerable: vbulletin 3.6.0 in IE
---------------------------------
Javascript may be executed by
saving code as .pdf and uploading
as attachment.This only works in IE
-----------------------------------
Poc: http://www.xandith.com