Announcement

Collapse
No announcement yet.

And?... what about...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • And?... what about...

    ...This exploit?:

    Code:
     SQL injection in vBulletin forums
      Date: Nov 11 2004 
      
      Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
      
      Exploit Included: Yes 
      
      Version(s): 3.0.x 
      
      Description: 
      
      An input validation vulnerability was reported in vBulletin in 'last.php'. A remote user can inject SQL commands. 
      Dr. Death reported that 'last.php' does not properly validate user-supplied input in the 'fsel' parameter. A remote user can submit a specially crafted HTTP request to inject SQL commands on the underlying database.
      
      A demonstration exploit is provided:
      last.php?fsel=,user.password%20as%20title,u ser.%20 
      %20%20%20username%20as%20lastposter%20FROM%20user,   
      thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT   %201 
      
      
      Impact: 
      A remote user can execute SQL commands on the underlying database.
      
      
      Solution: 
      No solution was available at the time of this entry.
      
      
      Vendor URL: www.vbulletin.com/ (Links to External Site) 
      
      Cause: Input validation error 
      
      Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
      
      Reported By: "Dr. Death" <d[email protected]>
    Is vb3.0.3 secure now?
    The patch?... when?

    I don't want to try... if this exploit exist.

  • #2
    Hmmm.... I am not aware of a last.php file.... sounds like a load of baloney to me.
    John

    Comment


    • #3
      This is not an exploit in vBulletin 3.0.X, as that file is not included in a default installation. It is from someone's personal modifications that they haven't secured.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...
      X