Exploit in vbulletin!!!Urgent!!!
-
Another Vulnerability for 3.x 4.x 5.x in this site
If you get access to a forum with an acc that only has default acp, you can get all users information by creating a cookie stealer in announcements.
- - - Updated - - -
Another Vulnerability for 4.x 5.x
A large list of Full Path Disclosure for vBulletin
Solution: Add error_reporting(0); to vuln scripts or turn display_errors off in php.ini
Last edited by Wayne Luke; Sun 9 Dec '12, 9:14am.
-
Please do not just blindly link to so-called reports. They should be logged in Jira, after checking they are actually sensible.
The second of those isn't a "Vulnerability" - it's simply the error messages on a server; production systems should generally run with display_errors off in php.ini
The first looks a bit like someone saying a site administrator can hack himself; normal users cannot create announcements.
Baby, I was born this way
-
I vote we just stop and think a bit before getting hysterical every time some boneheaded kiddy-scripter "announces" that he can hack this, that, and the other.
And if you think you've uncovered a REAL exploit, how about reporting it privately to vBulletin instead of posting it in a public forum? Have you considered that if it's genuine you are aiding and abetting hackers?
-
When an exploit is in the open and described or mentioned on a public website, there is no point in reporting anything privately. The only people you'd leave in the dark would be those website masters who have a good reason to hear about it as soon as possible. Those who want to do harm don't need to follow this forum to find out about potential exploits.