Jump to content
Nytro

[RST] vBulletin 5.1.2 SQL Injection

Recommended Posts

Author: Nytro @ Romanian Security Team

All details will be available after a fix from vBulletin.

  • Upvote 5
  • Downvote 1

Share this post


Link to post
Share on other sites

Felicitari, mai bine il pastrai privat luand in considerare faptul ca sunt niste cacanari.

Share this post


Link to post
Share on other sites

Thanks. Astept un fix de la vBulletin, un realease care sa repare problema, mai astept putin sa isi mai faca lumea update apoi public exploit-ul.

Share this post


Link to post
Share on other sites

Nu e blind, dar l-am facut dimineata la 7 inainte sa plec la munca si nu am avut timp sa il fac altfel.

Fac un request pentru un caracter (SUBSTR). Se putea si altfel, dar era un query urat si nu am avut timp sa ma complic.

Share this post


Link to post
Share on other sites

Sucuri

"

This vulnerability was discovered by the Romanian Security Team (RST), so it could already be used in the wild on 0-day attacks. If you can’t patch vBulletin, we recommend blocking access to the memberlist page in the mean time.

"

Share this post


Link to post
Share on other sites

Chiar daca cei de la vbulletin nu merita raportul, trebuie apreciat gestul tau. Felicitari!

// Cat a timp durat pana ai gasit 0day-ul? Plt, nu ai zis nimanui ca mai e vbulletin 5 pe server, ne bagam si noi. :D

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...