On Monday, September 23rd, an anonymous security researcher posted a working exploit for the vBulletin Content Management System on the Full Disclosure mailing list. Full Disclosure is a public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The vulnerability affects versions 5.0.0 to 5.5.4. At the time of writing this article, previous versions of vBulletin were not deemed vulnerable to this exploit.

Furthermore, security researchers at F5 Networks have already detected a threat campaign targeting this zero-day vulnerability.

Based on preliminary analysis, the vulnerability lies in the file ‘/includes/vb5/frontend/controller/bbcode.php’. The function evalCode within that PHP file accepts $code as a parameter and executes it using the PHP eval() function. Code sent to this function thus executes with the same permissions as the user running the vBulletin process.

Figure 1: evalCode function within the bbcode.php file

While exploiting this vulnerability, an attacker will send a malicious HTTP POST request with a parameter named ‘routestring’ with the value ‘ajax/render/widget_php’. The attacker will also send along the code to be executed by a server running a vulnerable version of vBulletin.

ASM customers under any supported BIG-IP version are already protected against this vulnerability.

Advisory: Exploit for vBulletin 'obscure' XSS
Release Date: June 13th 2008
Application: vBulletin
Version: vBulletin 3.7.1 and lower, vBulletin 3.6.10

If you're using version 3.8.6 or before, then you should upgrade your installation of vBulletin to 3.8.9. This should not affect your modified settings. Make sure to overwrite the existing files on your server.

1) Download the appropriate files for your version of vBulletin 3
2) Upload all files found within the zip file.
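A defender-side check for the request shape described above, added here as an example and not code from the original article, vBulletin or F5: it scans constructed HTTP request records for a ‘routestring’ parameter that resolves to ‘ajax/render/widget_php’ and normalizes URL encoding (including double encoding), case and leading slashes before comparing. It goes beyond the article by checking the query string as well as the POST body. The request dictionaries, the scan() helper and every parameter name other than routestring are assumptions for illustration.

```python
"""Flag HTTP requests that route to vBulletin's widget_php renderer.

Added example, not code from the article, vBulletin or F5. It inspects
constructed request records (dicts with 'id', 'method', 'path', 'body')
for a 'routestring' parameter resolving to 'ajax/render/widget_php',
the route the article names, in either the query string or the body.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Route named in the article; matching is done on the normalized value.
WIDGET_PHP_ROUTE = "ajax/render/widget_php"


def normalize_route(value: str) -> str:
    """Canonicalize a routestring value before comparison.

    parse_qs already decoded one layer of percent-encoding; decoding once
    more catches double-encoded values. Case is folded and leading slashes
    dropped so trivial variants of the same route still compare equal
    (deliberately loose: review matches rather than auto-blocking on them).
    """
    return unquote(value).strip().lstrip("/").lower()


def routestring_values(request: dict) -> list:
    """Collect every routestring value from the query string and the body."""
    values = []
    query = urlsplit(request.get("path", "")).query
    values += parse_qs(query, keep_blank_values=True).get("routestring", [])
    body = request.get("body") or ""
    values += parse_qs(body, keep_blank_values=True).get("routestring", [])
    return values


def is_widget_php_request(request: dict) -> bool:
    """True when any routestring in the request targets widget_php."""
    return any(normalize_route(v) == WIDGET_PHP_ROUTE
               for v in routestring_values(request))


def scan(requests) -> list:
    """Return the ids of all requests that should be reviewed."""
    return [r["id"] for r in requests if is_widget_php_request(r)]


# Constructed sample traffic (not captured data). The second parameter in
# the flagged POST bodies stands in for whatever carries the payload; its
# name is a placeholder, not vBulletin's real parameter.
SAMPLE_REQUESTS = [
    {"id": 1, "method": "GET",
     "path": "/forum/index.php?routestring=forum/general", "body": ""},
    {"id": 2, "method": "POST", "path": "/forum/index.php",
     "body": "routestring=ajax%2Frender%2Fwidget_php&payload=PLACEHOLDER"},
    {"id": 3, "method": "POST", "path": "/forum/index.php",  # double-encoded
     "body": "routestring=ajax%252Frender%252Fwidget_php&payload=PLACEHOLDER"},
    {"id": 4, "method": "GET",
     "path": "/forum/index.php?routestring=%2FAJAX%2Frender%2Fwidget_php", "body": ""},
    {"id": 5, "method": "POST", "path": "/forum/index.php",
     "body": "routestring=ajax/render/widget_helper"},
    {"id": 6, "method": "POST", "path": "/forum/index.php",
     "body": "securitytoken=guest&routestring=profile/edit"},
]

if __name__ == "__main__":
    for rid in scan(SAMPLE_REQUESTS):
        print(f"request {rid}: routestring targets {WIDGET_PHP_ROUTE}, review it")
```

Run against the constructed sample, requests 2, 3 and 4 are flagged and the rest are not. The loose normalization trades some false positives for resistance to encoding and case variants, so the output is meant as a review queue or an alert source, with blocking left to a WAF policy such as the ASM protection the article mentions.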