Vulnerabilities > CVE-2004-2076 - Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Rc4

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
jelsoft
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Vulnerable Configurations

Part Description Count
Application
Jelsoft
1

Exploit-Db

descriptionVBulletin 3.0 Search.PHP Cross-Site Scripting Vulnerability. CVE-2004-2076. Webapps exploit for php platform
idEDB-ID:23691
last seen2016-02-02
modified2004-02-13
published2004-02-13
reporterRafel Ivgi The-Insider
sourcehttps://www.exploit-db.com/download/23691/
titleVBulletin 3.0 - Search.PHP Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idJELSOFT_VBULLETIN_XSS.NASL
descriptionThere is a cross-site scripting issue in vBulletin that may allow an attacker to steal a user
last seen2020-06-01
modified2020-06-02
plugin id12058
published2004-02-16
reporterThis script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/12058
titlevBulletin search.php query Parameter XSS
code
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if(description)
{
 script_id(12058);
 script_version ("1.22");
 script_cve_id("CVE-2004-2076");
 script_bugtraq_id(9649, 9656);
 
 script_name(english:"vBulletin search.php query Parameter XSS");

 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a PHP application that is vulnerable to a
cross-site scripting attack." );
 script_set_attribute(attribute:"description", value:
"There is a cross-site scripting issue in vBulletin that may allow an
attacker to steal a user's cookies." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/353869" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/13");
 script_cvs_date("Date: 2018/11/15 20:50:19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"Checks for JelSoft VBulletin");
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); 
 script_family(english:"CGI abuses : XSS");
 script_dependencies("vbulletin_detect.nasl", "cross_site_scripting.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_ports("Services/www", 80);
 script_require_keys("www/PHP");
 exit(0);
}

# The script code starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);

# Test an install.
install = get_kb_item(string("www/", port, "/vBulletin"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
 d = matches[2];
 test_cgi_xss(port: port, cgi: "/search.php", dirs: make_list(d),
 qs: "do=process&showposts=0&query=<script>foo</script>",
 pass_re: "<script>foo</script>");
}

References