[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
vbulletin security Alert
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: vbulletin security Alert
- From: aura@xxxxxxxxxxxxxxxxx
- Date: 6 May 2006 05:19:27 -0000
#Discovered by: Aura
#Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r
» Vendor: Vbulletin
» Summary:
vbulletin is a powerfull Forum System
An administrator user may upload CSS Code that's obteining a phpshell ,and
chose it from the vbulletin's style choser. So when he chose it he will see the
Here is an example of the css file
in this file the xml obtein a phpshell so the user have to upload the xml file
and then chose his style and that's it .
Note : don't forget to chose ignore style version ( :P ) and also that you'll
maybe think about this isn't a bug actualy u can make your access to the server
with stealling the administrator password
Discovered By Aria-Security Team (Aura - Outlaw - Rayden)
» Solution
No Solution . ( maybe by password protection from you cpanel)
contact: Advisory@xxxxxxxxxxxxxxxxx