vbulletin security Alert

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: vbulletin security Alert
From: aura@xxxxxxxxxxxxxxxxx
Date: 6 May 2006 05:19:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#----------------------------------------------------------
#Discovered  by: Aura
#ARIA - SECURITY TEAM 
#Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r
#-----------------------------------------------------------
» Vendor: Vbulletin

» Summary:
vbulletin is a powerfull Forum System

»Description

An administrator user may upload  CSS Code that's obteining a phpshell ,and 
chose it from the vbulletin's style choser. So when he chose it he will see the 
phpshell.

Here is an example of the css file
http://b3hr0uz.persiangig.com/VbStyleVuln.txt

in this file the xml obtein a phpshell so the user have to upload the xml file 
and then chose his style and that's it .

Note : don't forget to chose ignore style version ( :P ) and also that you'll 
maybe think about this isn't a bug actualy u can make your access to the server 
with stealling the administrator password




Discovered By Aria-Security Team (Aura - Outlaw - Rayden)


» Solution
No Solution . ( maybe by password protection from you cpanel)
contact: Advisory@xxxxxxxxxxxxxxxxx

Prev by Date: Re: modules name(Downloads)SQL Injection Exploit
Next by Date: [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
Previous by thread: Re: PhpListPro 2.01 Remote File Include Vulnerability
Next by thread: Re: vbulletin security Alert
Index(es):
- Date
- Thread