[FONT=Times New Roman, Times, serif]vBulletin 3.0.9 SQL-Injection[/FONT]
Arkadaşlar öncelikle vbulletin hakkında hayal kırıklığına uğradığımı belirtmek isterim...
SQL-Injection: (Fixed in vB 3.0.9)
===============
> /joinrequests.php:
POST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0>
> /admincp/user.php:
GET: <do=find&orderby=username&limitnumber=[SQL-Injection]>
GET: <do=find&orderby=username&limitstart=[SQL-Injection]>
> /admincp/usertitle.php:
GET: <do=edit&usertitleid=0XF>
> /admincp/usertools.php:
GET: <do=pmuserstats&ids=0XF>
o XSS: (Fixed in vB 3.0.9)
=====
> /admincp/css.php:
GET: <do=doedit&dostyleid=1&group=[XSS]>
> /admincp/index.php:
GET: <redirect=[XSS]>
> /admincp/user.php:
GET: <do=emailpassword&email=[XSS]>
> /admincp/language.php:
GET: <do=rebuild&goto=[XSS]>
> /admincp/modlog.php:
GET: <do=view&orderby=[XSS]>
> /admincp/template.php:
GET: <do=colorconverter&hex=[XSS]>
GET: <do=colorconverter&rgb=[XSS]>
GET: <do=modify&expandset=[XSS]
o Arbitrary File Upload:
=======================
An user with access to administrator panel (e.g. (Co)Administrator) and
the privilege to add avatars/icons/smileys is able to upload arbitrary
files. An attacker is able to gain the ability to execute commands under
the context of the web server.
> /admincp/image.php:
POST: <do=upload&table=avatar>
POST: <do=upload&table=icon>
POST: <do=upload&table=smilie>
This issue is not addressed in vBulletin 3.0.9.
o Unpatched Bugs:
================
> /modcp/announcement.php:
POST: <do=update&announcementid=1&start=24-07-05&end=30-07-05
&announcement[0]=[SQL-Injection]>
> /modcp/user.php:
GET: <do=avatar&userid=0XF>
There are still a lot of security related bugs in the administrator
panel of the vBulletin software. An authorized user could elevate his
privileges and read sensitive data.
> /admincp/admincalendar.php:
POST: <do=update&calendarid=1&calendar[daterange]=1970-2030&
calendar[0]=[SQL-Injection]>
POST: <do=updatemod&moderatorid=1&moderator[calendarid]=0XF>
> /admincp/cronlog.php:
POST: <do=doprunelog&cronid=0XF>
POST: <do=prunelog&cronid=0XF>
> /admincp/email.php:
POST: <do=makelist&user[usergroupid][0]=[SQL-Injection]>
> /admincp/help.php:
POST: <do=doedit&help[script]=1&help[0]=[SQL-Injection]>
> /admincp/language.php:
POST: <do=update&rvt[0]=[SQL-Injection]>
> /admincp/phrase.php:
POST: <do=completeorphans&keep[0]=[SQL-Injection]>
> /admincp/usertools.php:
POST: <do=updateprofilepic>
Even a privileged user should not be able to add posts, titles,
announcements etc. with HTML/JavaScript-Code in it.
> Not properly filtered: (XSS)
</admincp/announcement.php>
</admincp/admincalendar.php>
</admincp/bbcode.php>
</admincp/cronadmin.php>
</admincp/email.php?do=genlist>
</admincp/faq.php?do=add>
</admincp/forum.php?do=add>
</admincp/image.php?do=add&table=avatar/icon/smilie>
</admincp/language.php>
</admincp/ranks.php?do=add>
</admincp/replacement.php?do=add>
</admincp/replacement.php?do=edit>
</admincp/template.php?do=addstyle>
</admincp/template.php?do=edit>
</admincp/usergroup.php?do=add>
</admincp/usertitle.php>
Çözüm : bbulletininizi sürekli güncelleyin ve bütün security(güvenlik) patchlerini(eklerini) ekleyin...
SAYGILARIMLA..........
(ALINTIDIR)
Arkadaşlar öncelikle vbulletin hakkında hayal kırıklığına uğradığımı belirtmek isterim...
SQL-Injection: (Fixed in vB 3.0.9)
===============
> /joinrequests.php:
POST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0>
> /admincp/user.php:
GET: <do=find&orderby=username&limitnumber=[SQL-Injection]>
GET: <do=find&orderby=username&limitstart=[SQL-Injection]>
> /admincp/usertitle.php:
GET: <do=edit&usertitleid=0XF>
> /admincp/usertools.php:
GET: <do=pmuserstats&ids=0XF>
o XSS: (Fixed in vB 3.0.9)
=====
> /admincp/css.php:
GET: <do=doedit&dostyleid=1&group=[XSS]>
> /admincp/index.php:
GET: <redirect=[XSS]>
> /admincp/user.php:
GET: <do=emailpassword&email=[XSS]>
> /admincp/language.php:
GET: <do=rebuild&goto=[XSS]>
> /admincp/modlog.php:
GET: <do=view&orderby=[XSS]>
> /admincp/template.php:
GET: <do=colorconverter&hex=[XSS]>
GET: <do=colorconverter&rgb=[XSS]>
GET: <do=modify&expandset=[XSS]
o Arbitrary File Upload:
=======================
An user with access to administrator panel (e.g. (Co)Administrator) and
the privilege to add avatars/icons/smileys is able to upload arbitrary
files. An attacker is able to gain the ability to execute commands under
the context of the web server.
> /admincp/image.php:
POST: <do=upload&table=avatar>
POST: <do=upload&table=icon>
POST: <do=upload&table=smilie>
This issue is not addressed in vBulletin 3.0.9.
o Unpatched Bugs:
================
> /modcp/announcement.php:
POST: <do=update&announcementid=1&start=24-07-05&end=30-07-05
&announcement[0]=[SQL-Injection]>
> /modcp/user.php:
GET: <do=avatar&userid=0XF>
There are still a lot of security related bugs in the administrator
panel of the vBulletin software. An authorized user could elevate his
privileges and read sensitive data.
> /admincp/admincalendar.php:
POST: <do=update&calendarid=1&calendar[daterange]=1970-2030&
calendar[0]=[SQL-Injection]>
POST: <do=updatemod&moderatorid=1&moderator[calendarid]=0XF>
> /admincp/cronlog.php:
POST: <do=doprunelog&cronid=0XF>
POST: <do=prunelog&cronid=0XF>
> /admincp/email.php:
POST: <do=makelist&user[usergroupid][0]=[SQL-Injection]>
> /admincp/help.php:
POST: <do=doedit&help[script]=1&help[0]=[SQL-Injection]>
> /admincp/language.php:
POST: <do=update&rvt[0]=[SQL-Injection]>
> /admincp/phrase.php:
POST: <do=completeorphans&keep[0]=[SQL-Injection]>
> /admincp/usertools.php:
POST: <do=updateprofilepic>
Even a privileged user should not be able to add posts, titles,
announcements etc. with HTML/JavaScript-Code in it.
> Not properly filtered: (XSS)
</admincp/announcement.php>
</admincp/admincalendar.php>
</admincp/bbcode.php>
</admincp/cronadmin.php>
</admincp/email.php?do=genlist>
</admincp/faq.php?do=add>
</admincp/forum.php?do=add>
</admincp/image.php?do=add&table=avatar/icon/smilie>
</admincp/language.php>
</admincp/ranks.php?do=add>
</admincp/replacement.php?do=add>
</admincp/replacement.php?do=edit>
</admincp/template.php?do=addstyle>
</admincp/template.php?do=edit>
</admincp/usergroup.php?do=add>
</admincp/usertitle.php>
Çözüm : bbulletininizi sürekli güncelleyin ve bütün security(güvenlik) patchlerini(eklerini) ekleyin...
SAYGILARIMLA..........
(ALINTIDIR)
.ve versiyon yenilendikce bu bug lar fixlenir. vbulletin 4 sürümü var şuanda .onda bu açık yoktur.
