The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Security Issue ?
I'm just an admin at a site running 3.8.5; I don't have the licensing info, so I couldn't post this in the proper forum. I'm sorry.
I've recently discovered a PHP injection scheme using the "Upload from URL" feature. Here's the scenario: 1) Someone creates a URL on their own server that looks like an image url (allowed attachment type). 2) Their server dynamically changes the mime content type to txt/php. 3) Once the attachment is uploaded, the user can run the script directly out of their attachments folder... eg... user ID of 123... script name of exploit.php gives-- www.yourserver.com/attachments/1/2/3/exploit.php Maybe this has been reported before; but we've had a script kiddie inject an email script into our server, and he's been sending spam from it. Maybe there's another way to get a php file uploaded through the attachments--we're certainly not allowing any php extensions in our allowed extensions. Thanks F. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|