VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
BID:12542
Info
VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
| Bugtraq ID: | 12542 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2005 12:00AM |
| Updated: | Feb 14 2005 12:00AM |
| Credit: | Discovery is credited to AL3NDALEEB <[email protected]>. |
| Vulnerable: |
VBulletin VBulletin 3.0.4 VBulletin VBulletin 3.0.3 VBulletin VBulletin 3.0.2 VBulletin VBulletin 3.0.1 VBulletin VBulletin 3.0 Gamma VBulletin VBulletin 3.0 beta 7 VBulletin VBulletin 3.0 beta 6 VBulletin VBulletin 3.0 beta 5 VBulletin VBulletin 3.0 beta 4 VBulletin VBulletin 3.0 beta 3 VBulletin VBulletin 3.0 beta 2 VBulletin VBulletin 3.0 |
| Not Vulnerable: |
VBulletin VBulletin 3.0.5 VBulletin VBulletin 3.0.4 |
Discussion
VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
VBulletin is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and affects the 'forumdisplay.php' script when the 'showforumusers' option has been enabled.
This may allow attackers to execute arbitrary commands with the privileges of the server running the application.
VBulletin versions 3.0 to 3.0.4 are reported vulnerable to this issue. It is reported that versions 3.0.5 and 3.0.6 are not affected.
VBulletin is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and affects the 'forumdisplay.php' script when the 'showforumusers' option has been enabled.
This may allow attackers to execute arbitrary commands with the privileges of the server running the application.
VBulletin versions 3.0 to 3.0.4 are reported vulnerable to this issue. It is reported that versions 3.0.5 and 3.0.6 are not affected.
Exploit / POC
VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
An exploit is not required.
The following proof of concept is available:
http://www.example.com/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."
The following proof of concept has been made available by pokleyzz <pokleyzz_at_scan-associates.net>:
An exploit is not required.
The following proof of concept is available:
http://www.example.com/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."
The following proof of concept has been made available by pokleyzz <pokleyzz_at_scan-associates.net>:
Solution / Fix
VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
Solution:
It is reported that VBulletin versions 3.0.5 and 3.0.6 are not vulnerable to this issue. This is not confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that VBulletin versions 3.0.5 and 3.0.6 are not vulnerable to this issue. This is not confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
VBulletin Forumdisplay.PHP Remote Command Execution Vulnerability
References:
References:
- Vendor Homepage (Kyberna)
- vbulletin 3.0.x PHP code execution (AL3NDALEEB