vBulletin 2
2.3.* - SQL injection
2.*.* - XSS
vBulletin 3.0
3.0.0 - XSS
3.0-3.0.4
3.0.3–3.0.9 & 3.5.4 XSS
3.6.3 - VBulletin DoS Exploit
# VBulletin DoS Exploit
#
# The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works
#
# important => Image Verification in (search.php) is NOT Enabled.
# It works on 3.6.3 and prior [all] !
#
#Perl script
3.6.5 - SQL injection [misc.php]
3.6.6 - XSS
Advisory Text:
vendor site: http://www.vbulletin.com/
product: vbulletin < 3.6.6
bug: permanent XSS
affected file: calendar.php
risk: medium
3.7.2 - XSS in admin logs