Try to hack this VBulletin



kung foo man
16th November 2017, 14:48
Yo all,

just noticed this strange "Test" guy and had a bad feeling about the forum security, as if he needed a thread to test some exploits or something. I googled some VB exploits and immediately found something.

Fixed stuff:

1) https://www.exploit-db.com/exploits/37815/

Memcached is by default configured to only accept requests from localhost, but VBulletin allows users to e.g. reference images by URL. A malicious user can then just craft a URL like http://localhost:11211/someMemCacheCommands... and memcached would execute that.

2) https://www.exploit-db.com/exploits/40751/

forumrunner stuff, got rid of whole folder

3) https://packetstormsecurity.com/files/130588/vBulletin-4.2.2-Remote-Code-Injection.html

Removed visitormessage.php, since it's connected to a MySQL injection and those "visitor messages" are pretty useless nonetheless.

4) https://packetstormsecurity.com/files/128696/vBulletin-4.x-SQL-Injection.html (./includes/api/4/breadcrumbs_create.php)

Changed line to $conceptId = intval( $vbulletin->GPC['conceptid'] );

-----

But yeah, if anybody has fun trying to hack this forum, you are allowed to. If you get something interesting, please discuss via Steam or PM. If functionality is crucial, I will keep it, otherwise I will just get rid of such potential security issues.
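
The request-forgery issue in item 1 can also be contained at the point where the server fetches a user-supplied URL. The following is an added example, not part of the original post and not vBulletin's own code; `is_public_ip()` and `is_safe_remote_url()` are hypothetical helper names and the sample URLs are constructed.

```php
<?php
// Added example: decide whether the forum server may fetch a user-supplied URL.
// Helper names are hypothetical; they are not vBulletin functions.

function is_public_ip(string $ip): bool
{
    // Rejects private ranges plus reserved ones (loopback 127.0.0.0/8, ::1, ...).
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

function is_safe_remote_url(string $url, array $allowedPorts = [80, 443]): bool
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;                       // no gopher://, file://, ftp:// ...
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, $allowedPorts, true)) {
        return false;                       // blocks e.g. :11211 (memcached)
    }
    $host = trim($parts['host'], '[]');     // strip brackets of IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP)
        ? [$host]
        : (gethostbynamel($host) ?: []);    // IPv4 A records only
    if ($ips === []) {
        return false;                       // unresolvable host
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return false;                   // any internal address rejects the URL
        }
    }
    return true;
}

// Constructed sample input.
$samples = ['http://localhost:11211/x', 'http://127.0.0.1/a.png',
            'ftp://8.8.8.8/a.png', 'https://8.8.8.8/a.png'];
foreach ($samples as $u) {
    echo str_pad($u, 28), is_safe_remote_url($u) ? 'fetch' : 'reject', PHP_EOL;
}
```

The fetch itself has to connect to the address that was validated and re-run the check on every redirect, otherwise a second DNS answer or a redirect to localhost bypasses it.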

Lonsofore
16th November 2017, 21:04
Good job, kung :)