5.0.0 all Beta releases SQL Injection Exploit 0day

Discussion in 'vBulletin Discussions' started by Brandon, Feb 22, 2013.

  1. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
  2. CM30

    CM30 Regular Member

    Joined:
    Jul 1, 2012
    Messages:
    901
    Likes Received:
    500
    Oh great. Well, here's hoping vBulletin fix it sooner rather than later, otherwise there could be some pretty unhappy vBulletin 5 customers out there...
     
    Brandon likes this.
  3. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Yup, especially the customer area access :eek:
     
  4. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    Seen this last night on another site. You don't need a script to get the hash. You can do it with a URL. Only thing you need to do is point it at a thread an admin posted in. Once you got the hash it takes about 5 minutes to get the password.
     
    Brandon likes this.
  5. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    That's pretty scary to be honest!

    I saw this posted last night but I was already in bed and figured I would just post it today.
     
  6. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    I am surprised no one has used this on vbulletin.com yet.

    I remember a user reported an exploit in the 3.8 branch shortly after IB took over and they marked it as trivial and told the user he didn't know what he was talking about. He then used it to gain access to one of the admin accounts, I don't remember who's it was, and posted in the private forum. Next day he showed screenshots of the private forums with him logged in. The thread was locked and removed. The trivial exploit was fixed the next day.
     
    Iconic, Alfa1 and Brandon like this.
  7. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    I think I remember that too @AWS

    IB doesn't care at all it seems
     
  8. Alfa1

    Alfa1 Regular Member

    Joined:
    Jul 24, 2009
    Messages:
    303
    Likes Received:
    196
    If that would happen now then it could have far going consequences. Depending on whats in there.
     
  9. fattony69

    fattony69 Regular Member

    Joined:
    Jun 14, 2009
    Messages:
    521
    Likes Received:
    145
    This doesn't surprise me at all, sadly.
     
  10. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    The exploit was sold to 2 people so expect to see vbulletin 5 hacked threads pop up at vbulletin.com. Of course the people that bought the kit will have a hard time finding any to hack.
     
    fattony69, Mike Edge and Brandon like this.
  11. DaUnknownAdm!n

    DaUnknownAdm!n Regular Member

    Joined:
    Mar 5, 2010
    Messages:
    254
    Likes Received:
    97
    Location:
    Brooklyn, New York
    I remember that as well, I believe they reported about it on TAZ as well, IIRC.
     
    Brandon likes this.

Share This Page