Two Critical 0-Day Remote Exploits For Vbulletin Forum Disclosed Publicly

Security researchers convey discovered together with disclosed details of 2 unpatched critical vulnerabilities inwards a pop cyberspace forum software—vBulletin—one of which could allow a remote aggressor to execute malicious code on the latest version of vBulletin application server.

vBulletin is a widely used proprietary Internet forum software parcel based on PHP together with MySQL database server. It powers to a greater extent than than 100,000 websites on the Internet, including Fortune 500 together with Alexa Top 1 1000000 companies websites together with forums.

The vulnerabilities were discovered past times a safety researcher from Italy-based safety draw solid TRUEL information technology together with an unknown independent safety researcher, who disclosed the details of the vulnerabilities past times Beyond Security's SecuriTeam Secure Disclosure program.

The vulnerabilities ship on version v of the vBulletin forum software together with are currently unpatched. Beyond Security claims, it tried to contact vBulletin since Nov 21, 2017, only received no reply from the company.

vBulletin Remote Code Execution Vulnerability

The starting fourth dimension vulnerability discovered inwards vBulletin is a file inclusion number that leads to remote code execution, allowing a remote aggressor to include whatever file from the vBulletin server together with execute arbitrary PHP code.

An unauthenticated aggressor tin trigger the file inclusion vulnerability past times sending a GET asking to index.php amongst the routestring= parameter inwards the request, eventually allowing the aggressor to "create a crafted asking to Vbulletin server installed on Windows OS together with include whatever file on the spider web server."

The researcher has likewise provided Proof-of-Concept (PoC) exploit code to present the exploitation of the vulnerability. Influenza A virus subtype H5N1 Common Vulnerabilities together with Exposures (CVE) number has non been assigned to this exceptional vulnerability.

vBulletin Remote Arbitrary File Deletion Vulnerability

The 2nd vulnerability discovered in the vBulletin forum software version v has been assigned CVE-2017-17672 together with described every bit a deserialization number that an unauthenticated aggressor tin exploit to delete arbitrary files together with fifty-fifty execute malicious code "under for certain circumstances."

The vulnerability is due to dangerous usage of PHP's unserialize() on user-supplied input, which allows an unauthenticated hacker to delete arbitrary files together with maybe execute arbitrary code on a vBulletin installation.

Influenza A virus subtype H5N1 publicly exposed API, called vB_Library_Template's cacheTemplates() function, allows fetching information on a ready of given templates from the database to shop them within a cache variable.

"$temnplateidlist variable, which tin come upward straight from user-input, is straight supplied to unserialize(), resulting inwards an arbitrary deserialization primitive," the advisory explains.

Besides technical details, the advisory likewise includes Proof-of-Concept (PoC) exploit code to explicate the severity of this vulnerability.

We hold off the vendor to unloose the piece for both the safety flaws earlier hackers started exploiting them to target vBulletin installations.

Share This :