Closed

vBulletin [url removed, login to view] XSS to CSRF payload

As you know, an admin or moderator can post HTML code via announcements in vBulletin by visiting this link in the vB forum

posting from moderator cp

[url removed, login to view]

I need a payload developed which will execute the CSRF sploit via [url removed, login to view] in vBulletin. It must be able to execute the CSRF sploit to inject the arbitrary PHP code in the plugin hooks of vBulletin via the admincp of the forum automatically when an admin visits the announcement post containing that specific payload.

So when an admin visits the announcement post containing the payload, e.g.

[url removed, login to view]

The code will be injected here in the background:-

[url removed, login to view]

The payload will be [url removed, login to view], and to exploit it one needs to make a new HTML-enabled announcement in vBulletin like this

[url removed, login to view]

There already exists a similar exploit, but in a different form, here:-

[url removed, login to view]

The above sploit is used to sploit the vBSEO vuln and to do PHP code injection into hooks via CSRF. We just need to modify that sploit to make it work in our situation.

I am also providing the example exploit for modification from the above page here:-

[url removed, login to view]

It will be small time work for the experienced coder to make it workable as you only need to modify the already existing sploit.

The sploit must be working against the latest vBulletin 4.2.2 or at least the 4.2.1 version

P.S. This is only for educational purposes, as this will be used to pentest my clients and to prevent system compromise in similar situations.

P.P.S. I am expecting bids of around $50

Skills: PHP, Software Architecture, vBulletin, Web Security

About the employer:
(15 reviews) Florida City, India

Project ID: #5227982

0 freelancers are bidding an average of $ for this job.

splendidgroups

Hi, I am ready to work with you for the least amount while giving you better quality than anyone else! The reason is just to create long-term relations with you and your organization! I am having more than

$123 USD in 3 days
(1 review)
1.0
hYrSiUvsDiol

Hi, we are a team of freelance software developers. If you contact me at our website we can discuss the details of the project. w w w . so lv e r . i o

$155 USD in 3 days
(0 reviews)
0.0