--------------------------------- XSS in Vbulletin 3.6.0 in IE 0nly --------------------------------- Author: Stefan Email: stefan@xxxxxxxxxxxxx Group: EnigmaGroup --------------------------------- Vulnerable: vbulletin 3.5.4 in IE Vulnerable: vbulletin 3.6.0 in IE --------------------------------- Javascript may be executed by saving code as .pdf and uploading as attachment.This only works in IE ----------------------------------- Poc: http://www.xandith.com