CVE-2004-1824

Jelsoft vBulletin < 3.0 - Cross-Site Scripting via Memberlist What Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1824. PoCs published by Sp.IC.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in vBulletin by crafting a malicious link that steals cookies from legitimate users. The PoC logs stolen cookies to a file and provides options to view, download, or delete the logs.

Description

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sp.IC · phpwebappsphp

https://www.exploit-db.com/exploits/22030

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in vBulletin by crafting a malicious link that steals cookies from legitimate users. The PoC logs stolen cookies to a file and provides options to view, download, or delete the logs.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: vBulletin (version not specified)

No auth needed

Prerequisites: Victim must click a malicious link · vBulletin instance must be vulnerable to XSS via URI parameters

MITRE ATT&CK