Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code i

from [pokley] Network Security [Permanent Link]
Subject: [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
Date: Mon, 21 Feb 2005 11:01:02 +0800 
Summary: vbulletin 3.0.6 and below php code injection

Description
===========
vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and ultra fast back-end database engine built using MySQL.

Details
=======
User may inject php code using "nested variable" into template name when "Add Template Name in HTML Comments" is enable. This option is not enable by default and is not recomended by vbulletin for production environment. The problem occur when user may supply partial template name through misc.php.


Workaround
==========
Disable "Add Template Name in HTML Comments" option.

Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}

Vendor Response
===============
17th February 2005 - Vulnerability found
18th February 2005 - vbulletin developer informed
19th February 2005 - vbulletin developer confirmed
20th February 2005 - Fix Available from vbulletin team

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection, pokley <=
Previous by Date:  The WebConnect 6.4.4 and 6.5 contains several vulnerabilities, CIRT Advisory
Next by Date:  paNews v2.0b4 - PHP Injection, tjomka
Previous by Thread:  The WebConnect 6.4.4 and 6.5 contains several vulnerabilities, CIRT Advisory
Next by Thread:  paNews v2.0b4 - PHP Injection, tjomka
Indexes:  [Date] [Thread] [Top] [All Lists]