Description:
---------------
VBulletin discussion forum (http://www.vbulletin.com) does not properly
validate the input for forums with HTML tags enabled, allowing arbitrary
JavaScript code to be run by a user of any access level.

Proof of concept:
----------------
<b onMouseOver="alert(document.location);">This piece of text could be dangerous if you were to move your mouse over it!</b>

In action here: http://www.vbulletin.com/admindemo/showthread.php?threadid=3

Workaround:
-----------
Disable the ability to post messages containing HTML code.

Vulnerable Versions:
--------------------
2.2.7
2.2.8

Not vulnerable:
---------------
?

Special thanks
--------------
To Pete Foster <pete@sec-tec.demon.co.uk> for finding the same problem in
phpBB, which gave me the idea to investigate.

---------------------------------
Dorin Balanica
dorin@bados.com
Security Officer, bados.com
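As an added defensive example (not part of the advisory and not vBulletin's own code), an allowlist sanitizer in Python for a forum that keeps HTML posting enabled: tags outside the allowlist are dropped, every attribute not explicitly permitted (which covers all on* event handlers) is removed, and link targets are restricted to http/https. The allowed tags and attributes are this example's own choices.

```python
from html.parser import HTMLParser
from html import escape

# Allowlist: tag -> attributes a post may keep. Event handlers (onMouseOver,
# onclick, ...) are never listed, so they are dropped with any unknown tag.
ALLOWED = {"b": set(), "i": set(), "u": set(), "p": set(), "br": set(), "a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://")

class PostSanitizer(HTMLParser):
    # Rebuilds a post from parsed tokens, keeping only allowlisted markup.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                      # unknown tag: drop it, keep its text
        kept = []
        for name, value in attrs:       # names arrive lowercased by the parser
            if name not in ALLOWED[tag] or value is None:
                continue                # covers every on* handler attribute
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue                # rejects javascript: and data: links
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:       # close down to the matching tag
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_post(html_text):
    """Return the post with only allowlisted HTML, balanced and re-escaped."""
    p = PostSanitizer()
    p.feed(html_text)
    p.close()
    while p.open_tags:                  # close anything the author left open
        p.out.append(f"</{p.open_tags.pop()}>")
    return "".join(p.out)
```

Run against the advisory's proof-of-concept string, the event handler is removed and only `<b>...</b>` survives. Disabling HTML posting, as the workaround says, remains the simpler fix; an allowlist is only as safe as the parser it is built on.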