.o8                                               oooo   o8o  
	"888                                               `888   `"'  
	888oooo.  oooo  oooo  oooo d8b  .oooo.o  .oooo.    888  oooo  
	d88' `88b `888  `888  `888""8P d88(  "8 `P  )88b   888  `888  
	888   888  888   888   888     `"Y88b.   .oP"888   888   888  
	888   888  888   888   888     o.  )88b d8(  888   888   888  
	`Y8bod8P'  `V88V"V8P' d888b    8""888P' `Y888""8o o888o o888o 
                                                               



Technical Information
==============
Testing Date:            	06.10.2010 - 19.27
Tested on OS:           	Windows Seven x86

Vulnerable Products:    	vBulletin
Product Version:        	x - 4.0.7
Vulnerability Type(s):   	Persistent Cross Site Scripting
Security-Risk:           	Medium [But remember: persistent XSS is still dangerous!]

Vendor-URL:              	http://vbulletin.com



Vulnerability Details
==============
It is possible to inject code through the vBulletin Notice Manager.
An account with sufficient rights to create notices is required.


Proof of Concept
==============

1.) Input:



2.) Simple document.cookie output:



3.) Inject Frame Code:



4.) Inject iFrame:




Fix or Patch
==============
Wait for an update from the vBulletin team, or escape HTML special 
characters in the inserted notice content before it is output.
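
The special-character escaping described above, as an added example that is 
not vBulletin code and not part of the original advisory: it renders notices 
with every field escaped and flags already-stored notices for review. The 
function names, the notice array layout and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: function names and the notice array layout are hypothetical,
// not vBulletin's own API. Requires PHP 7.4 or later.

/** Escape untrusted text for HTML element or quoted-attribute context. */
function esc_html(string $text): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a stored notice with every user-controlled field escaped. */
function render_notice(array $notice): string
{
    $title = esc_html($notice['title']);
    // Escape first, then add line breaks, so the only markup is our own.
    $body = nl2br(esc_html($notice['body']), false);
    return "<div class=\"notice\"><h3>{$title}</h3><p>{$body}</p></div>";
}

/** Audit helper: flag stored notices containing HTML special characters. */
function notices_needing_review(array $notices): array
{
    return array_values(array_filter(
        $notices,
        static fn(array $n): bool =>
            esc_html($n['title']) !== $n['title'] || esc_html($n['body']) !== $n['body']
    ));
}

// Constructed sample data: one plain notice, one containing frame markup.
$notices = [
    ['id' => 1, 'title' => 'Maintenance', 'body' => "Forum offline at 22:00.\nThanks!"],
    ['id' => 2, 'title' => 'Welcome', 'body' => '<iframe src="https://example.invalid/"></iframe>'],
];

foreach ($notices as $n) {
    echo render_notice($n), PHP_EOL;   // markup in notice 2 is output as inert text
}
foreach (notices_needing_review($notices) as $n) {
    echo "review notice #{$n['id']}", PHP_EOL;   // only notice 2 is flagged
}
```

Because the injected content is persistent, escaping at output time also 
neutralizes notices that were stored before the fix was applied.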



Last words
==============
For questions or donations, feel free to contact websec@bursali.eu.



Credits
==============
The author & writer bursali.


(c) 2009-2010 bursali.eu