# Title: Vanilla FirstLastNames 1.3.2 Plugin Persistent XSS Vulnerability
# Date: 18/5/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2 http://vanillaforums.org/addon/firstlastnames-plugin
# http://vanillaforums.org
#############################################################

On the "Edit your account" page, enter your XSS string in either the first name or last name field.
Then, if a user visits your page, the XSS will execute.

http://target.tld/index.php?p=/profile/myprofile/1/user

XSS: <script>alert('x')</script>

#############################################################
http://henryhoggard.co.uk
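Added example, not part of the original advisory and not the plugin's own code: the unencoded rendering pattern that produces this kind of stored XSS, next to output encoding and a check for markup already saved in name fields. The function names, the `UserID`/`FirstName`/`LastName` keys and the sample rows are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for illustration; not FirstLastNames plugin code.

// Constructed sample rows standing in for stored profile data.
$users = [
    ['UserID' => 1, 'FirstName' => "<script>alert('x')</script>", 'LastName' => 'Smith'],
    ['UserID' => 2, 'FirstName' => 'Anne-Marie', 'LastName' => "O'Neil"],
];

// Vulnerable pattern: the stored value is written into the page unchanged,
// so any markup in a name field is parsed by every visitor's browser.
function renderNameUnsafe(array $user): string
{
    return '<h1>' . $user['FirstName'] . ' ' . $user['LastName'] . '</h1>';
}

// Hardened pattern: encode for the HTML context at output time.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderNameSafe(array $user): string
{
    return '<h1>' . encodeHtml($user['FirstName']) . ' '
        . encodeHtml($user['LastName']) . '</h1>';
}

// Audit: flag stored names containing characters that have no place in a
// name but are needed for markup. Apostrophes and hyphens are not flagged.
function findSuspectNames(array $users): array
{
    $suspect = [];
    foreach ($users as $user) {
        foreach (['FirstName', 'LastName'] as $field) {
            if (preg_match('/[<>"&]/', $user[$field])) {
                $suspect[] = ['UserID' => $user['UserID'], 'Field' => $field];
            }
        }
    }
    return $suspect;
}

foreach ($users as $user) {
    echo renderNameSafe($user), PHP_EOL; // markup in names is shown as text
}
print_r(findSuspectNames($users)); // rows to review and clean up
```

Encoding at output neutralizes values that were stored before any fix, while the audit finds the records that should be cleaned.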