Posts vBulletin 5.5.3 And 5.5.4 Reflected XSS

vBulletin 5.5.3 And 5.5.4 Reflected XSS


Hello Everybody Today I write About Reflected XSS In vBulletin

And How me Found After failed trying

My Story

I’m going in H1 Privte program Target and Check all Subs

I Used all Methodologies for finding any vulnerability

After this and all the attempts I made, I lost hope And Stoping Discovering

about Vulnerabilities in This Target

This is Disappointend me…..

But after 7days i back for this target and i check With determination.

And Scan All Subdomains Step by Step Check any parameter and Fuzzing Directories With Tool Such as


FFUF And Used Burp pro cracked :)

After all this not found anything How? nothing .

i’m Used Tool Easy Code call it is called gdork.php

This is Url the tool:-


And Check this dork inurl:php

Founding Fourm useing vBulletin 5.5.3 , 5.5.4

Now I Scanning this site and Search About this Version Vulnerabilities

I found CVE : CVE-2019-14538 hhhhhhhh:)))

I try it but not working What happens now ??

Now All The fine

The vuln was here admincp/index.php this dir in not found giveing me 404 now I Remembered vb :) and switched it to try the moderator panel. modcp/index.php it is worked finally

The Example:-[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(‘xElkomy’)&loginerror_arr[2]=1&vb_login_username=admin

And Click Now Here.

Regards , xElkomy

This post is licensed under CC BY 4.0 by the author.