Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 11-15-2004, 12:50 PM
deepdark's Avatar
deepdark deepdark is offline
 
Join Date: Dec 2001
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands

Input Validation Error in 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands

SecurityTracker Alert ID: *removed*
SecurityTracker URL: *link removed*
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Updated: Nov 12 2004

Original Entry Date: Nov 11 2004

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information

Exploit Included: Yes

Description: An input validation vulnerability was reported in the 'last.php' hack for vBulletin. A remote user can inject SQL commands. The script is a 3rd party product and is not part of the vBulletin product.

Dr. Death reported that 'last.php' does not properly validate user-supplied input in the 'fsel' parameter. A remote user can submit a specially crafted HTTP request to inject SQL commands on the underlying database.

A demonstration exploit is provided:

*removed*

Impact: A remote user can execute SQL commands on the underlying database.

Solution: No solution was available at the time of this entry.

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: "Dr. Death" <drdeath4ever@hotmail.com>

Message History: None.

__________________________________________________ ______________

Date: Thu, 11 Nov 2004 05:29:44 +0000
From: "Dr. Death" <drdeath4ever@hotmail.com>
Subject: SQL injection in vBulletin forums (last10.php)





hi all,

a new SQL injection found in VBulletin Forums 3.0.x

the Vulnerabilite found in last.php, last 10 topics hack.


*removed*

to solve the problem delet fsel? from ttlast.php and last10.php

Best Regards,
Dr.Death
THE MAN OF THE DARK SIDE


NEWS LINK:h*removed*
  #2  
Old 11-15-2004, 01:15 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would suggest altering the author
  #3  
Old 11-15-2004, 01:54 PM
Freezerator Freezerator is offline
 
Join Date: Nov 2001
Location: Den Haag
Posts: 197
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it's better to know wich hack this is, so the maker of the hack can be notified?
  #4  
Old 11-15-2004, 02:37 PM
deepdark's Avatar
deepdark deepdark is offline
 
Join Date: Dec 2001
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i found this today and i writed here i think that this is not a bug is a backdoor for hacking.
  #5  
Old 11-15-2004, 02:44 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by deepdark
i found this today and i writed here i think that this is not a bug is a backdoor for hacking.
Tell the AUTHOR OF THE HACK so they can FIX IT
  #6  
Old 11-15-2004, 03:00 PM
Beermonster Beermonster is offline
 
Join Date: Dec 2003
Location: England
Posts: 362
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery
Tell the AUTHOR OF THE HACK so they can FIX IT

I think he might have got a bit confused with your first reply

Quote:
Originally Posted by Zachery
I would suggest altering the author
shouldn't that have been alerting
  #7  
Old 11-15-2004, 03:29 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have removed your link and exploit details in case any malicious user here decided to take advantage. I've maintained a copy of your post behind the scenes for the staff to take a look at. Thankyou for alerting us and we'll contact the author.
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:08 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06780 seconds
  • Memory Usage 2,214KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete