Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
Reload this Page 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 11-15-2004, 12:50 PM
deepdark's Avatar
deepdark deepdark is offline
 
Join Date: Dec 2001
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands
Input Validation Error in 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands

SecurityTracker Alert ID: *removed*
SecurityTracker URL: *link removed*
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Updated: Nov 12 2004

Original Entry Date: Nov 11 2004

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information

Exploit Included: Yes

Description: An input validation vulnerability was reported in the 'last.php' hack for vBulletin. A remote user can inject SQL commands. The script is a 3rd party product and is not part of the vBulletin product.

Dr. Death reported that 'last.php' does not properly validate user-supplied input in the 'fsel' parameter. A remote user can submit a specially crafted HTTP request to inject SQL commands on the underlying database.

A demonstration exploit is provided:

*removed*

Impact: A remote user can execute SQL commands on the underlying database.

Solution: No solution was available at the time of this entry.

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: "Dr. Death" <drdeath4ever@hotmail.com>

Message History: None.

__________________________________________________ ______________

Date: Thu, 11 Nov 2004 05:29:44 +0000
From: "Dr. Death" <drdeath4ever@hotmail.com>
Subject: SQL injection in vBulletin forums (last10.php)





hi all,

a new SQL injection found in VBulletin Forums 3.0.x

the Vulnerabilite found in last.php, last 10 topics hack.


*removed*

to solve the problem delet fsel? from ttlast.php and last10.php

Best Regards,
Dr.Death
THE MAN OF THE DARK SIDE


NEWS LINK:h*removed*
Closed Thread

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:08 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06270 seconds
  • Memory Usage 2,192KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete