<<< Date Index >>>     <<< Thread Index >>>

vBulletin Security Vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------
 GERMAN COMPUTER FREAKS - SECURITY ADVISORY - SINCE 1997
                  January 20st, 2003
- - -------------------------------------------------------

  Software      : vBulletin Bulletin Board
  Vendor        : Jelsoft Enterprises Limited / inGame GmbH
  Vulnerability : Cross Site Scripting
  Status        : Author has been notified

- - ------------------------------------------------------

- - - - Description

    vBulletin Bulletin Board derivatives contain a security bug
   that may lead to disclosure of private informations due to a
   cross site scripting attack.

    This vulnerability may enable an attacker to transmit sensitive
   informations like 'encrypted' passwords, user identification
   numbers or forum passwords to another server.

    Currently, we will refrain from publishing proof of concept
   information to mitigate the impact of this vulnerability.

- - - - Technical Details

    Due to an improper quoted field in register.php it's possible
   to inject malicious HTML code. With the use of Javascript code
   an attack is then able to send sensitive informations (like
   cookies) to a foreign server.

   Attack Example:

   <form action="http://www.VULN-BOARD.com/register.php"; method="GET">
   <input type="hidden" name="reg_site"
    value="<SCRIPT><!-- EVIL CODE //--></SCRIPT>"/>
   <input type="text" name="email" value="" />
   <input type="submit" value="Show my cookies" />

- - - - Patch

    The vendor released a patch for this vulnerability.

- - - - Closing Words

  07.01.04  Contacting the board developers and explaining the vulnerability
  08.01.04  Developing a proof of concept tool (undisclosed)
  20.01.04  Disclosure of this advisory to public

- - - - Greets

     This bug was found by Darkwell. We would like to great Natok!
     He's great!

                        _________________ ___________
                       /  _____/\_   ___ \\_   _____/
                      /   \  ___/    \  \/ |    __)
                      \    \_\  \     \____|     \
                       \______  /\______  /\___  /
                              \/        \/     \/
                        The German Computer Freaks
                         www.gcf.de    Since 1997             /\
                                                             /  \
____________________________________________________________/ # /
                                                            \  /
                                                             \/

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkANbpsACgkQcd4BvfErJcpzFQCggXQa7WHVZslM1e/3ahG333e8lrMA
oL1vBo7v3oJjMNxhzf3oINBIp8e6
=msHO
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427