lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040120190824.GA4674@natalya.rebby.com>
Date: Tue, 20 Jan 2004 13:08:24 -0600
From: Curt Rebelein Junior <curt@...by.com>
To: gcf@...h.com
Cc: bugtraq@...urityfocus.com, vuln-dev@...urityfocus.com
Subject: Re: vBulletin Security Vulnerability


What versions of vBulletin does this affect? What version is the oldest
patched version?

Like all vB security related bugs, I see no mention of this on the vB forums.

A long time ago (Tue Jan 20). In a galaxy far away... gcf@...h.com wrote:
# -----BEGIN PGP SIGNED MESSAGE-----
# Hash: SHA1
# 
# - - -------------------------------------------------------
#  GERMAN COMPUTER FREAKS - SECURITY ADVISORY - SINCE 1997
#                   January 20st, 2003
# - - -------------------------------------------------------
# 
#   Software      : vBulletin Bulletin Board
#   Vendor        : Jelsoft Enterprises Limited / inGame GmbH
#   Vulnerability : Cross Site Scripting
#   Status        : Author has been notified
# 
# - - ------------------------------------------------------
# 
# - - - - Description
# 
#     vBulletin Bulletin Board derivatives contain a security bug
#    that may lead to disclosure of private informations due to a
#    cross site scripting attack.
# 
#     This vulnerability may enable an attacker to transmit sensitive
#    informations like 'encrypted' passwords, user identification
#    numbers or forum passwords to another server.
# 
#     Currently, we will refrain from publishing proof of concept
#    information to mitigate the impact of this vulnerability.
# 
# - - - - Technical Details
# 
#     Due to an improper quoted field in register.php it's possible
#    to inject malicious HTML code. With the use of Javascript code
#    an attack is then able to send sensitive informations (like
#    cookies) to a foreign server.
# 
#    Attack Example:
# 
#    <form action="http://www.VULN-BOARD.com/register.php" method="GET">
#    <input type="hidden" name="reg_site"
#     value="<SCRIPT><!-- EVIL CODE //--></SCRIPT>"/>
#    <input type="text" name="email" value="" />
#    <input type="submit" value="Show my cookies" />
# 
# - - - - Patch
# 
#     The vendor released a patch for this vulnerability.
# 
# - - - - Closing Words
# 
#   07.01.04  Contacting the board developers and explaining the vulnerability
#   08.01.04  Developing a proof of concept tool (undisclosed)
#   20.01.04  Disclosure of this advisory to public
# 
# - - - - Greets
# 
#      This bug was found by Darkwell. We would like to great Natok!
#      He's great!
# 
#                         _________________ ___________
#                        /  _____/\_   ___ \\_   _____/
#                       /   \  ___/    \  \/ |    __)
#                       \    \_\  \     \____|     \
#                        \______  /\______  /\___  /
#                               \/        \/     \/
#                         The German Computer Freaks
#                          www.gcf.de    Since 1997             /\
#                                                              /  \
# ____________________________________________________________/ # /
#                                                             \  /
#                                                              \/
# 
# -----BEGIN PGP SIGNATURE-----
# Note: This signature can be verified at https://www.hushtools.com/verify
# Version: Hush 2.3
# 
# wkYEARECAAYFAkANbpsACgkQcd4BvfErJcpzFQCggXQa7WHVZslM1e/3ahG333e8lrMA
# oL1vBo7v3oJjMNxhzf3oINBIp8e6
# =msHO
# -----END PGP SIGNATURE-----
# 
# 
# 
# 
# Concerned about your privacy? Follow this link to get
# FREE encrypted email: https://www.hushmail.com/?l=2
# 
# Free, ultra-private instant messaging with Hush Messenger
# https://www.hushmail.com/services.php?subloc=messenger&l=434
# 
# Promote security and make money with the Hushmail Affiliate Program: 
# https://www.hushmail.com/about.php?subloc=affiliate&l=427

-- 
Curt Rebelein, Junior
http://rebby.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ