VBulletin rce 0day Analysis
VBulletin is a leading foreign Forum program, which is generally called VBB in China. It is developed based on PHP + mySQL. vBulletin is a commercial software and is paid.VBulletin allows remote upload of files through
Unserialize (): vBulletin 5.x. x Remote Code Execution
Recently, a vBulletin RCE exploitation and brief analysis were exposed. The cause of this vulnerability is that the vBulletin program uses unserialize () when processing Ajax API calls () the
Release date: 2013-10-04Updated on:
Affected Systems:VBulletin 5.xVBulletin 4.xDescription:--------------------------------------------------------------------------------VBulletin is a powerful and flexible forum program suite that can be
VBulletin HACK
----Show topic size and open new Window on Forum index page
Author: gogosoft
"Show topic Size"
Reason: 1.1. This feature is not available in version 4, and some users use it as a reference for viewing the topic.
Pros: Just add a few
VBulletin HACK
----Display the topic size and open a new window on the Forum index page
Author: gogosoft
"Show topic Size"
Cause: 1.1.4 does not have this feature, and some users will use this as a reference to whether to view the topic.
Advantages:
VBulletin HACK
----Display the topic size and open a new window on the Forum index page
Author: gogosoft
"Show topic Size"
Cause: 1.1.4 does not have this feature, and some users will use this as a reference to whether to view the topic.
Advantages:
You only need to make a simple modification to achieve static vbb URL. Of course, the server must support the rewrite function.The Forum version is vbulletin v3.6.8 Standard Edition.------------------------- Step 1 -----------------------------------
Build a perfect server platform in Windows (Apache + JSP + CGI + PHP + ASP + MySQL)
You need to download several software packages:
1. php-5.0.2-Win32
2. apache_2.0.52-win32-x86-no_ssl
3. mysql-5.0.1-alpha-snapshot-win
4. iasp2.1.01
5.
Some time ago completed the server from FreeBSD4.10 to 6.1 upgrade, while the PHP also upgraded to the latest Php5.1.4,apache also upgraded to the latest Apache2.2, in order to better improve the performance of the system to consider some of the PHP
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.