Nytro Posted July 15, 2014 Report Share Posted July 15, 2014 Author: Nytro @ Romanian Security Team All details will be available after a fix from vBulletin. 4 1 Quote Link to comment Share on other sites More sharing options...
aelius Posted July 15, 2014 Report Share Posted July 15, 2014 Asta da show off. Quote Link to comment Share on other sites More sharing options...
AlStar Posted July 15, 2014 Report Share Posted July 15, 2014 Mi-a placut finalu: "Si daca nu esti sigur, na demo pe boardu oficial. BAM! " Felicitari! Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 15, 2014 Author Report Share Posted July 15, 2014 Thanks. Postasem si pe forumul lor, dar au sters postul. Quote Link to comment Share on other sites More sharing options...
io.kent Posted July 15, 2014 Report Share Posted July 15, 2014 Jos palaria! Au sters postul din cauza ca nu accepta realitatea, foarte frumos felicitari Nytro! Quote Link to comment Share on other sites More sharing options...
1337 Posted July 15, 2014 Report Share Posted July 15, 2014 Felicitari, mai bine il pastrai privat luand in considerare faptul ca sunt niste cacanari. Quote Link to comment Share on other sites More sharing options...
.Breacker Posted July 15, 2014 Report Share Posted July 15, 2014 Un ShowOff de calitate .Du-te si pe la NASA putin,fa-le o vizita . Quote Link to comment Share on other sites More sharing options...
Open Posted July 15, 2014 Report Share Posted July 15, 2014 Foarte frumos, faci public si exploitu? Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 15, 2014 Author Report Share Posted July 15, 2014 Thanks. Astept un fix de la vBulletin, un realease care sa repare problema, mai astept putin sa isi mai faca lumea update apoi public exploit-ul. Quote Link to comment Share on other sites More sharing options...
nein Posted July 15, 2014 Report Share Posted July 15, 2014 90% din toate forumurile au vBulletin si 5.1.2Felicitari ! Quote Link to comment Share on other sites More sharing options...
Vlachs Posted July 15, 2014 Report Share Posted July 15, 2014 Felicitari dar sincer lipseste ceva...winamp-ul cu Denisa Quote Link to comment Share on other sites More sharing options...
kumudam Posted July 16, 2014 Report Share Posted July 16, 2014 din cate imi dau seama este un blind in POST ...sau inca e secret? Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 16, 2014 Author Report Share Posted July 16, 2014 Nu e blind, dar l-am facut dimineata la 7 inainte sa plec la munca si nu am avut timp sa il fac altfel.Fac un request pentru un caracter (SUBSTR). Se putea si altfel, dar era un query urat si nu am avut timp sa ma complic. Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 16, 2014 Author Report Share Posted July 16, 2014 Softpedia: vBulletin Exploitable Through SQL Injection Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 17, 2014 Author Report Share Posted July 17, 2014 Au lansat patch-ul: Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 - vBulletin Community Forum Quote Link to comment Share on other sites More sharing options...
askwrite Posted July 17, 2014 Report Share Posted July 17, 2014 Felicitari.Acum ca e fixat, ni-l poti oferi? Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 17, 2014 Author Report Share Posted July 17, 2014 Da. Peste cateva zile. Sa aiba lumea timp sa isi faca lumea update. Quote Link to comment Share on other sites More sharing options...
robertutzu Posted July 17, 2014 Report Share Posted July 17, 2014 dat fiind ca sunt multi cu vbulletin neplatit pana vor lua/aparea patch-ul pentru toti va fain disclosure-ul Quote Link to comment Share on other sites More sharing options...
Usr6 Posted July 17, 2014 Report Share Posted July 17, 2014 Sucuri"This vulnerability was discovered by the Romanian Security Team (RST), so it could already be used in the wild on 0-day attacks. If you can’t patch vBulletin, we recommend blocking access to the memberlist page in the mean time." Quote Link to comment Share on other sites More sharing options...
pr0fw3b Posted July 17, 2014 Report Share Posted July 17, 2014 Sunt curios sa vad exploit-ul dar in rest imi place acest showoff .Un adevarat showoff este aceasta. Felicitari nytro . Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 17, 2014 Author Report Share Posted July 17, 2014 Thanks.ComputerWorld: Emergency vBulletin patch fixes SQL injection vulnerability - Computerworld Quote Link to comment Share on other sites More sharing options...
yo20063 Posted July 17, 2014 Report Share Posted July 17, 2014 La mai multe! Beau o bere pentru asta....chiar acum! Quote Link to comment Share on other sites More sharing options...
malsploit Posted July 17, 2014 Report Share Posted July 17, 2014 Era frumos sa zica si aiai de la vBulletin un multumesc ceva. Faceai ceva victime cu el. Quote Link to comment Share on other sites More sharing options...
sensi Posted July 17, 2014 Report Share Posted July 17, 2014 Chiar daca cei de la vbulletin nu merita raportul, trebuie apreciat gestul tau. Felicitari!// Cat a timp durat pana ai gasit 0day-ul? Plt, nu ai zis nimanui ca mai e vbulletin 5 pe server, ne bagam si noi. Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 29, 2014 Author Report Share Posted July 29, 2014 CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5102 Quote Link to comment Share on other sites More sharing options...