vbulletin security Alert May 06 2006 05:19AM
aura aria-security net
#----------------------------------------------------------

#Discovered by: Aura

#ARIA - SECURITY TEAM

#Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r

#-----------------------------------------------------------

» Vendor: Vbulletin

» Summary:

vbulletin is a powerfull Forum System

»Description

An administrator user may upload CSS Code that's obteining a phpshell ,and chose it from the vbulletin's style choser. So when he chose it he will see the phpshell.

Here is an example of the css file

http://b3hr0uz.persiangig.com/VbStyleVuln.txt

in this file the xml obtein a phpshell so the user have to upload the xml file and then chose his style and that's it .

Note : don't forget to chose ignore style version ( :P ) and also that you'll maybe think about this isn't a bug actualy u can make your access to the server with stealling the administrator password

Discovered By Aria-Security Team (Aura - Outlaw - Rayden)

» Solution

No Solution . ( maybe by password protection from you cpanel)

contact: Advisory (at) Aria-Security (dot) net [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus