Hello Everybody Today I write About Reflected XSS In vBulletin
And How me Found After failed trying
My Story
I’m going in H1 Privte program Target and Check all Subs
I Used all Methodologies for finding any vulnerability
After this and all the attempts I made, I lost hope And Stoping Discovering
about Vulnerabilities in This Target
This is Disappointend me…..
But after 7days i back for this target and i check With determination.
And Scan All Subdomains Step by Step Check any parameter and Fuzzing Directories With Tool Such as
Dirb
FFUF And Used Burp pro cracked :)
After all this not found anything How? nothing .
i’m Used Tool Easy Code call it is called gdork.php
This is Url the tool:-
And Check this dork site:example.com inurl:php
Founding Fourm useing vBulletin 5.5.3 , 5.5.4
Now I Scanning this site and Search About this Version Vulnerabilities
I found CVE : CVE-2019-14538 hhhhhhhh:)))
I try it but not working What happens now ??
Now All The fine
The vuln was here admincp/index.php this dir in not found giveing me 404 now I Remembered vb :) and switched it to try the moderator panel. modcp/index.php it is worked finally
The Example:-
https://target.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(‘xElkomy’)&loginerror_arr[2]=1&vb_login_username=admin
And Click Now Here.
Regards , xElkomy