VBulletin rce 0day Analysis
VBulletin is a leading foreign forum program, generally called VBB in China. It is built on PHP + MySQL. vBulletin is commercial, paid software. VBulletin allows remote upload of files through
Release date: 2013-10-04
Updated on:
Affected Systems:
VBulletin 5.x
VBulletin 4.x
Description:
--------------------------------------------------------------------------------
VBulletin is a powerful and flexible forum program suite that can be
"Simple text typesetting by VB code"
Reason: Version 1.1.4 does not have these, and the more famous domestic Ubb hack House adds a lot of UBB code (VB code) for text typesetting.
Advantages: Only a few lines, can be achieved, very
Release date:
Updated on:
Affected Systems:
VBulletin
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56877
VBulletin is a powerful and flexible forum program suite that can be customized based on
VBulletin HACK
----Show topic size and open new Window on Forum index page
Author: gogosoft
"Show topic Size"
Reason: This feature is not available in version 1.1.4, and some users use the topic size as a reference when deciding whether to view a topic.
Pros: Just add a few
VBulletin is a famous commercial forum program. The EggAvatar plug-in for vBulletin 3.8.x has a SQL injection vulnerability, which may cause sensitive information leakage.
[+] Info:
~~~~~~~~~
EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability
[+]
I believe many enterprises will purchase VBulletin as the development framework of Enterprise Forums, blogs, or CMS. When you are new to VBulletin, you may be confused. Or you can add your own fancy logic to some pages through your own painstaking
VBulletin Forum 2.3.xx SQL injection
There exists a SQL injection problem in calendar.php.
--------Cut from line 585 in calendar.php----------
else if ($action == "Edit")
{
$eventinfo = $DB_site->query_first("Select
VBulletin HACK
----Display the topic size and open a new window on the Forum index page
Author: gogosoft
"Show topic Size"
Cause: Version 1.1.4 does not have this feature, and some users use the topic size as a reference when deciding whether to view a topic.
Advantages: