VbBux and vbPlaza 'vbplaza _ lottery_history 'parameter SQL Injection Vulnerability

Release date:
Updated on:

Affected Systems:
VBulletin vbBux 4.0.3
VBulletin vbPlaza 4.0.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61723

VBulletin is a powerful and flexible forum program suite that can be customized based on your needs.

The 'vbplaza _ lottery_history 'variables of vbBux and vbPlaza 4.0.3 are inserted into the statement if they are not properly filtered. The SQL injection vulnerability exists in implementation, after successful exploitation, attackers can perform unauthorized database operations.

<* Source: n3tw0rk

Link: http://packetstormsecurity.com/files/122774/vbbuxvbplaza-sql.txt
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

POC
You will need Admincp Access then go
Http: // localhost/admincp/vbplaza_lottery.php? Do = searchhistory then in
Force read order column put
'Into the search bar and result shocould show
Database error in vBulletin 4.2.1:

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

VBulletin
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.vbulletin.org/forum/portal.php