Announcement

Collapse
No announcement yet.

Serious administration status vulnerability?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Serious administration status vulnerability?

    A few days ago I've noticed that a user, who had registered normally on the forum I'm administrating and wasn't given any privileges, has exploited some vulnerability in vB 3.5.3, which apparently gave him complete administration privilages over the entire forum and thus freedom of bans by both nickname and IP and is continuing the exploitation of this vuln even after the forum has been updated to 3.5.4.

    I've searched around many bug trackers and such but haven't found any mention of such a serious vulnerability in the latest version(s) of vBulletin.
    I know for sure that complete administration privilages are the case because he's even quoted the contents of the administration panel (the reason I had typed in for banning him) to me via PM and written several times in closed topics as well as the fact that the exploiter is avoiding all bans and restrictions while his status remains that of a regular user, thus all privileges are as they should be and his user group being still set to "Banned Users".

    Perhaps I missed some confirmation on such a serious issue?

  • #2
    First off, I'd htaccess protect your AdminCP and ModCP folders. Also, change the passwords on your server (FTP, MySQL, SSH, ...) as well as the passwords of all your staff.
    Best Regards
    Colin Frei

    Please don't contact me per PM.

    Comment


    • #3
      My first action after he was able to break through an IP ban was obviously htaccess blocking and password changing but I have absolutely no idea what he could have exploited to gain such privileges without a single sign of them and that somewhat troubles me as well considering the seriousness of such a vuln.

      Comment


      • #4
        There are no known vulnerabilites in vBulletin 3.5.4, but 3.5.3 had an XSS issue which may have allowed him to steal a cookie from you.
        Best Regards
        Colin Frei

        Please don't contact me per PM.

        Comment


        • #5
          Originally posted by Colin F
          There are no known vulnerabilites in vBulletin 3.5.4, but 3.5.3 had an XSS issue which may have allowed him to steal a cookie from you.
          Code:
           
          just came across this , *************************
           
          if mods/admins feel if its not save to have the link here they can move it.
          just wanted to know is there a vulnerability still with 3.5.4 as mentioned on that page.
          Last edited by Colin F; Sat 8th Apr '06, 5:05am. Reason: Removed link

          Comment


          • #6
            Scott explains that here: http://www.vbulletin.com/forum/showp...7&postcount=18

            I've removed the link anyhow
            Best Regards
            Colin Frei

            Please don't contact me per PM.

            Comment


            • #7
              As I always say take third party security announcements with a pinch of salt, if there had been a problem we'd have made a release already and notified everyone.
              Scott MacVicar

              My Blog | Twitter

              Comment

              Loading...
              Working...
              X