Vulnerability Development mailing list archives
Re: vBulletin Security Vulnerability
From: Curt Rebelein Junior <curt () rebby com>
Date: Tue, 20 Jan 2004 13:08:24 -0600
What versions of vBulletin does this affect? What version is the oldest patched version? Like all vB security related bugs, I see no mention of this on the vB forums. A long time ago (Tue Jan 20). In a galaxy far away... gcf () hush com wrote: # -----BEGIN PGP SIGNED MESSAGE----- # Hash: SHA1 # # - - ------------------------------------------------------- # GERMAN COMPUTER FREAKS - SECURITY ADVISORY - SINCE 1997 # January 20st, 2003 # - - ------------------------------------------------------- # # Software : vBulletin Bulletin Board # Vendor : Jelsoft Enterprises Limited / inGame GmbH # Vulnerability : Cross Site Scripting # Status : Author has been notified # # - - ------------------------------------------------------ # # - - - - Description # # vBulletin Bulletin Board derivatives contain a security bug # that may lead to disclosure of private informations due to a # cross site scripting attack. # # This vulnerability may enable an attacker to transmit sensitive # informations like 'encrypted' passwords, user identification # numbers or forum passwords to another server. # # Currently, we will refrain from publishing proof of concept # information to mitigate the impact of this vulnerability. # # - - - - Technical Details # # Due to an improper quoted field in register.php it's possible # to inject malicious HTML code. With the use of Javascript code # an attack is then able to send sensitive informations (like # cookies) to a foreign server. # # Attack Example: # # <form action="http://www.VULN-BOARD.com/register.php" method="GET"> # <input type="hidden" name="reg_site" # value="<SCRIPT><!-- EVIL CODE //--></SCRIPT>"/> # <input type="text" name="email" value="" /> # <input type="submit" value="Show my cookies" /> # # - - - - Patch # # The vendor released a patch for this vulnerability. # # - - - - Closing Words # # 07.01.04 Contacting the board developers and explaining the vulnerability # 08.01.04 Developing a proof of concept tool (undisclosed) # 20.01.04 Disclosure of this advisory to public # # - - - - Greets # # This bug was found by Darkwell. We would like to great Natok! # He's great! # # _________________ ___________ # / _____/\_ ___ \\_ _____/ # / \ ___/ \ \/ | __) # \ \_\ \ \____| \ # \______ /\______ /\___ / # \/ \/ \/ # The German Computer Freaks # www.gcf.de Since 1997 /\ # / \ # ____________________________________________________________/ # / # \ / # \/ # # -----BEGIN PGP SIGNATURE----- # Note: This signature can be verified at https://www.hushtools.com/verify # Version: Hush 2.3 # # wkYEARECAAYFAkANbpsACgkQcd4BvfErJcpzFQCggXQa7WHVZslM1e/3ahG333e8lrMA # oL1vBo7v3oJjMNxhzf3oINBIp8e6 # =msHO # -----END PGP SIGNATURE----- # # # # # Concerned about your privacy? Follow this link to get # FREE encrypted email: https://www.hushmail.com/?l=2 # # Free, ultra-private instant messaging with Hush Messenger # https://www.hushmail.com/services.php?subloc=messenger&l=434 # # Promote security and make money with the Hushmail Affiliate Program: # https://www.hushmail.com/about.php?subloc=affiliate&l=427 -- Curt Rebelein, Junior http://rebby.com
Current thread:
- vBulletin Security Vulnerability gcf (Jan 20)
- Re: vBulletin Security Vulnerability Curt Rebelein Junior (Jan 21)
- Re: vBulletin Security Vulnerability Curt Rebelein Junior (Jan 21)
- RE: vBulletin Security Vulnerability Ferruh Mavituna (Jan 21)
- <Possible follow-ups>
- Re: vBulletin Security Vulnerability Kier Darby (Jan 22)
- RE: vBulletin Security Vulnerability Ferruh Mavituna (Jan 23)
- RE: vBulletin Security Vulnerability Scott MacVicar (Jan 23)
- RE: vBulletin Security Vulnerability - POC Ferruh Mavituna (Jan 26)