PDA

View Full Version : Potential Phishing Vector


vB.Org System
06-02-2011, 03:40 PM
We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

It has been identified this as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal . Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

Generic example of the Phishing Attempt:

User can post a fake thread inviting others to reset their passwords using the provided link
User edits the link to append an incorrect ?last location? to url therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
For example: http://www.vbulletin.com/forum/login...www.google.com (http://www.vbulletin.com/forum/login.php?do=lostpw&url=http://www.google.com)
Instead of Google.com in this example the user would go to a fake site where they could potentially be tricked into submitting real information.This vector was reported by:

Robert Gilbert
HALOCK Security Labs
http://blog.halock.com


More... (http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?goto=newpost)