[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040120190824.GA4674@natalya.rebby.com>
Date: Tue, 20 Jan 2004 13:08:24 -0600
From: Curt Rebelein Junior <curt@...by.com>
To: gcf@...h.com
Cc: bugtraq@...urityfocus.com, vuln-dev@...urityfocus.com
Subject: Re: vBulletin Security Vulnerability
What versions of vBulletin does this affect? What version is the oldest
patched version?
Like all vB security related bugs, I see no mention of this on the vB forums.
A long time ago (Tue Jan 20). In a galaxy far away... gcf@...h.com wrote:
# -----BEGIN PGP SIGNED MESSAGE-----
# Hash: SHA1
#
# - - -------------------------------------------------------
# GERMAN COMPUTER FREAKS - SECURITY ADVISORY - SINCE 1997
# January 20st, 2003
# - - -------------------------------------------------------
#
# Software : vBulletin Bulletin Board
# Vendor : Jelsoft Enterprises Limited / inGame GmbH
# Vulnerability : Cross Site Scripting
# Status : Author has been notified
#
# - - ------------------------------------------------------
#
# - - - - Description
#
# vBulletin Bulletin Board derivatives contain a security bug
# that may lead to disclosure of private informations due to a
# cross site scripting attack.
#
# This vulnerability may enable an attacker to transmit sensitive
# informations like 'encrypted' passwords, user identification
# numbers or forum passwords to another server.
#
# Currently, we will refrain from publishing proof of concept
# information to mitigate the impact of this vulnerability.
#
# - - - - Technical Details
#
# Due to an improper quoted field in register.php it's possible
# to inject malicious HTML code. With the use of Javascript code
# an attack is then able to send sensitive informations (like
# cookies) to a foreign server.
#
# Attack Example:
#
# <form action="http://www.VULN-BOARD.com/register.php" method="GET">
# <input type="hidden" name="reg_site"
# value="<SCRIPT><!-- EVIL CODE //--></SCRIPT>"/>
# <input type="text" name="email" value="" />
# <input type="submit" value="Show my cookies" />
#
# - - - - Patch
#
# The vendor released a patch for this vulnerability.
#
# - - - - Closing Words
#
# 07.01.04 Contacting the board developers and explaining the vulnerability
# 08.01.04 Developing a proof of concept tool (undisclosed)
# 20.01.04 Disclosure of this advisory to public
#
# - - - - Greets
#
# This bug was found by Darkwell. We would like to great Natok!
# He's great!
#
# _________________ ___________
# / _____/\_ ___ \\_ _____/
# / \ ___/ \ \/ | __)
# \ \_\ \ \____| \
# \______ /\______ /\___ /
# \/ \/ \/
# The German Computer Freaks
# www.gcf.de Since 1997 /\
# / \
# ____________________________________________________________/ # /
# \ /
# \/
#
# -----BEGIN PGP SIGNATURE-----
# Note: This signature can be verified at https://www.hushtools.com/verify
# Version: Hush 2.3
#
# wkYEARECAAYFAkANbpsACgkQcd4BvfErJcpzFQCggXQa7WHVZslM1e/3ahG333e8lrMA
# oL1vBo7v3oJjMNxhzf3oINBIp8e6
# =msHO
# -----END PGP SIGNATURE-----
#
#
#
#
# Concerned about your privacy? Follow this link to get
# FREE encrypted email: https://www.hushmail.com/?l=2
#
# Free, ultra-private instant messaging with Hush Messenger
# https://www.hushmail.com/services.php?subloc=messenger&l=434
#
# Promote security and make money with the Hushmail Affiliate Program:
# https://www.hushmail.com/about.php?subloc=affiliate&l=427
--
Curt Rebelein, Junior
http://rebby.com
Powered by blists - more mailing lists