HI all.
Well some days ago a new cross scripting exploit was found in vbulletin (register.php).
Now I want to see if any one has a good tutorial on this kind of exploit.
Please don't tell me "Go search google" Because I have done it.
I have read the tutorials in articals section too.And again i have read Xss faq too + the refrence.
Thanks in forward.

Hi r00tless!
I have only the exploit code too and i don't know how to use this one
I'm really curious....

can someone post a link to the full disclosure...so i can take a look at it ,

thanks

I have only this:

http://packetstormsecurity.nl/0308-advisor...s/vbulletin.txt

take a look ComSec

Basically, you setup a site that uses PHP or PERL and write a script that steals thier cookie.

You use the XSS to inject code that will redirect them to your script.


IE...

You send them a link that is vulnerable to XSS.

Thanks man I read that tutorial.
But now I have a question

Do you mean after injecting the script,It will always redirect the users to our site?

Or Is it just a session between us and the vulnerable site?
And in this session our script will steal cookies.

How can we explain this?

I think I gonna get confiused

If any body knows the theory server of this kind of exploit please let me know.
(Infact I want to know what happens when we use this exploit?... How does vulnerable server see this exploite? And ...)

Thanks inforward.[B]