[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CADSYzstwTLqFAe=fT7q33712+sGbb01UGTguQF8WhSYM4H_+pQ@mail.gmail.com>
Date: Tue, 9 Aug 2016 19:28:32 -0300
From: Dawid Golunski <dawid@...alhackers.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request
Forgery (SSRF)
vBulletin
CVE-2016-6483
vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server
hosting vBulletin as well as services on other servers on the local
network that are accessible from the target.
The following versions are affected:
vBulletin <= 5.2.2
vBulletin <= 4.2.3
vBulletin <= 3.8.9
Technical details,PoC vBulletin exploits and links to patches provided
by the vendor can be found at:
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
--
Regards,
Dawid Golunski
http://legalhackers.com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists