Uploader.swf flash file in vBulletin forum vulnerable to XSS
Attention, vBulletin forum users: a Flash file shipped with the vBulletin forum software is vulnerable to cross-site scripting (XSS).
The file “Uploader.swf” is located in either ‘clientscript/yui/uploader/assets’ or ‘/core/clientscript/yui/uploader/assets’.
“It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue,” the vBulletin security advisory reads.
vBulletin recommends that users delete the Uploader.swf file from their forums and replace it with the empty file provided on the vBulletin forum. This forces vBulletin to fall back to its JavaScript-based uploader instead.
Proof of concept:
http://forum_Domain/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert(/XSS/);}//
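As an added example (not from the article or from vBulletin), a defender-side check that scans web server access logs for requests to uploader.swf whose `allowedDomain` parameter is not a plain domain name, which is what an attempt to abuse the flaw above looks like in the logs. The log lines are constructed, and the pattern for a legitimate `allowedDomain` value (letters, digits, dots, hyphens, and `*`) is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access log lines (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2013:12:00:01 +0000] "GET /clientscript/yui/uploader/assets/uploader.swf HTTP/1.1" 200 3140
203.0.113.9 - - [10/Mar/2013:12:00:02 +0000] "GET /clientscript/yui/uploader/assets/uploader.swf?allowedDomain=forum.example.com HTTP/1.1" 200 3140
198.51.100.7 - - [10/Mar/2013:12:00:03 +0000] "GET /core/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=%5C%22%7D%29%29%29%7Dcatch%28e%29%7Balert%28%2FXSS%2F%29%3B%7D%2F%2F HTTP/1.1" 200 3140
198.51.100.7 - - [10/Mar/2013:12:00:04 +0000] "GET /forum/index.php HTTP/1.1" 200 9000
"""

# Common log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate allowedDomain value is a hostname or wildcard, nothing else.
HOSTNAME_RE = re.compile(r'^[A-Za-z0-9.*-]*$')


def is_suspicious(target):
    """True if the request hits uploader.swf with a non-hostname allowedDomain value."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/uploader.swf'):
        return False
    # parse_qs percent-decodes values, so an encoded payload is inspected in clear.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() != 'alloweddomain':
            continue
        if any(not HOSTNAME_RE.match(v) for v in values):
            return True
    return False


def flag_requests(log_text):
    """Return (ip, timestamp, target) for every suspicious uploader.swf request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group('target')):
            hits.append((m.group('ip'), m.group('ts'), m.group('target')))
    return hits


if __name__ == '__main__':
    for ip, ts, target in flag_requests(SAMPLE_LOG):
        print(f'{ts} {ip} {target}')
```

Run it against the real access log by reading the file into `flag_requests`; a hit on a forum where uploader.swf is still the original file means the mitigation above has not yet been applied.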