Vulnerabilities > CVE-2004-1824 - Cross-Site Scripting vulnerability in VBulletin Memberlist.PHP

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

jelsoft

nessus

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.

Vulnerable Configurations

Part	Description	Count
Application	Jelsoft Jelsoft Vbulletin 2.0 Jelsoft Vbulletin 2.0.1 Jelsoft Vbulletin 2.0.2 Jelsoft Vbulletin 2.0_Beta_2 Jelsoft Vbulletin 2.0_Beta_3 Jelsoft Vbulletin 2.2.0 Jelsoft Vbulletin 2.2.1 Jelsoft Vbulletin 2.2.2 Jelsoft Vbulletin 2.2.3 Jelsoft Vbulletin 2.2.4 Jelsoft Vbulletin 2.2.5 Jelsoft Vbulletin 2.2.6 Jelsoft Vbulletin 2.2.7 Jelsoft Vbulletin 2.2.8 Jelsoft Vbulletin 2.2.9_Can Jelsoft Vbulletin 2.3.0 Jelsoft Vbulletin 2.3.3 Jelsoft Vbulletin 2.3.4	18

Exploit-Db

description	VBulletin 2.0/2.2.x Memberlist.PHP Cross Site Scripting Vulnerability. CVE-2004-1824. Webapps exploit for php platform
id	EDB-ID:22030
last seen	2016-02-02
modified	2002-11-22
published	2002-11-22
reporter	Sp.IC
source	https://www.exploit-db.com/download/22030/
title	VBulletin 2.0/2.2.x Memberlist.PHP Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	VBULLETIN_XSS2.NASL
description	The remote version of vBulletin is vulnerable to a cross-site scripting issue due to a failure of the application to properly sanitize user-supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	14833
published	2004-09-28
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14833
title	vBulletin memberlist.php what Parameter XSS
code	# # (C) Tenable Network Security, Inc. # # Ref: Arab VieruZ <[email protected]> # include("compat.inc"); if(description) { script_id(14833); script_version("1.21"); script_cve_id("CVE-2004-1824"); script_bugtraq_id(6226); script_name(english:"vBulletin memberlist.php what Parameter XSS"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP script that is susceptible to a cross-site scripting attack." ); script_set_attribute(attribute:"description", value: "The remote version of vBulletin is vulnerable to a cross-site scripting issue due to a failure of the application to properly sanitize user-supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Nov/298"); script_set_attribute(attribute:"solution", value: "Unknown at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/28"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/11/21"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:jelsoft:vbulletin"); script_end_attributes(); script_summary(english: "Checks memberlist.php XSS flaw in vBulletin"); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses : XSS"); script_dependencie("cross_site_scripting.nasl", "vbulletin_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/vBulletin"); exit(0); } # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if ( ! can_host_php(port:port) ) exit(0); if ( get_kb_item("www/" + port + "/generic_xss") ) exit(0); # Test an install. install = get_kb_item(string("www/", port, "/vBulletin")); if (isnull(install)) exit(0); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { dir = matches[2]; test_cgi_xss(port: port, dirs: make_list(dir), cgi: "/memberlist.php", qs: "s=23c37cf1af5d2ad05f49361b0407ad9e&what=<script>foo</script>", pass_str: "<script>foo</script>" ); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References