Description: This video demonstrates a recently created tool (EvilWebTool) which abuses a flaw in vBSEO (persistent cross-site scripting), allowing an attacker to inject persistent scripts into the linkback moderation queue.
When an administrator views the moderation queue, an external payload (written in JavaScript) is silently loaded directly into the browser window, where, without user interaction, it performs a hidden request to add a new payload to vBulletin containing the PHP code that the attacker specified in the tool.
You can download this tool at Exploit-DB and maybe at InterN0T as well.
Check out www.intern0t.net, www.exploit-db.com and twitter.com/intern0t!
If you're more of an IRC guy, check out #exploitdb and #intern0t on irc.freenode.org!
Tags: vbseo, vbulletin, xss, 0day, intern0t, maxe, underground, security, training, evilwebtool, trojan, python, javascript, persistent, cross-site, scripting, cross, site, scripting, exploit-db, exploitdb, maxe, legend, ethical, hacking, osce, community, zeroday
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.