OSVDB ID: 14047

Title: vBulletin misc.php template Parameter PHP Code Injection

Dates

Disclosure: Feb 22, 2005
Discovery: Feb 17, 2005
Exploit: Feb 22, 2005
Solution: Unknown

Description

vBulletin contains a flaw that may allow a malicious user to inject and execute arbitrary PHP code. Nested input passed to the "template" parameter in "misc.php" is not properly verified. The issue is triggered when the "Add Template Name in HTML Comments" option is enabled. Exploitation may result in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 3.0.7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the "Add Template Name in HTML Comments" option.

Products

  • vBulletin Forum 3.0.6

References

Credit

  • pokleyzz - pokleyzzscan-associates.net - SCAN Associates Sdn. Bhd.


Direct URL: http://osvdb.org/14047