A security researcher has found a technique to bypass the patch for a zero-day bug in vBulletin, one of the largest online forum software packages. The bug can be exploited to execute code remotely and take over forums without authentication. The bug was discovered last year and a patch was made available last year, but a bypass for that patch has now been found.
vBulletin Zero-day Vulnerability Exploited!
vBulletin is one of the largest online forum software packages, used today by many companies. It lets you create simple and resourceful discussion boards for a topic or a group. Such forums are lucrative targets, as they hold extensive information about users’ personal data, their messages, and even financial information if payments are transacted on a paid online forum.
Even the smallest forums have hundreds or thousands of users, making vBulletin a useful target compared with other content management platforms like WordPress or Joomla. A zero-day bug (CVE-2019-16759) was found in vBulletin on September 24th last year, and a patch was made available the very next day. According to a new report, however, that patch is not adequate.
Amir Etemadieh, an Austin-based security researcher, said the earlier patch for the CVE-2019-16759 vulnerability wasn’t secure enough, as he was able to get around the patch and achieve the same results. Even before contacting the vBulletin team to inform them, he disclosed his findings along with proof-of-concept code in Ruby, Python, and Bash.
0day RCE exploit on vBulletin 5xx dork ; intext:“Powered by vBulletin” POC curl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d ‘subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec(“id”); exit;’ #bugbounty #bugbountytips — h4x0r-dz (@h4x0r_dz) August 10, 2020
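A defender-side check for the request quoted in the tweet above, as an added example that is not part of the original article or the tweet: it inspects logged HTTP requests for the render route and the subWidgets parameters that request uses. It assumes a reverse proxy or WAF that records request bodies; inspect_request, is_high_confidence, SAMPLES and the forum.example host are hypothetical names and constructed data.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Indicators taken from the request quoted in the tweet above.
RENDER_PATH = "/ajax/render/widget_tabbedcontainer_tab_panel"
TEMPLATE_KEY = re.compile(r"^subWidgets\[(\d+)\]\[template\]$", re.I)
CODE_KEY = re.compile(r"^subWidgets\[(\d+)\]\[config\]\[code\]$", re.I)
HIGH = "code supplied for a widget_php subWidget"


def inspect_request(method, url, body=""):
    """Return the reasons a logged request matches the bypass pattern."""
    parts = urlsplit(url)
    # Parameters may arrive in the body (POST) or in the query string;
    # parse_qsl percent-decodes keys, so %5B0%5D and [0] compare equal.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)

    php_slots, code_slots = set(), set()
    for key, value in params:
        m = TEMPLATE_KEY.match(key)
        if m and value.strip().lower() == "widget_php":
            php_slots.add(m.group(1))
        m = CODE_KEY.match(key)
        if m:
            code_slots.add(m.group(1))

    reasons = []
    # endswith() covers forums installed below a sub-directory.
    if parts.path.lower().rstrip("/").endswith(RENDER_PATH):
        reasons.append("tabbedcontainer render route")
    if php_slots:
        reasons.append("subWidget template set to widget_php")
    if php_slots & code_slots:  # same subWidget index carries both
        reasons.append(HIGH)
    return reasons


def is_high_confidence(reasons):
    return HIGH in reasons


# Constructed sample records (method, URL, body); the code value is a placeholder.
BASE = "http://forum.example/ajax/render/widget_tabbedcontainer_tab_panel"
SAMPLES = [
    ("POST", BASE, "subWidgets%5B0%5D%5Btemplate%5D=widget_php"
                   "&subWidgets%5B0%5D%5Bconfig%5D%5Bcode%5D=PLACEHOLDER"),
    ("POST", BASE, "subWidgets[0][template]=widget_text"),
    ("GET", "http://forum.example/forum/general?page=2", ""),
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record[0], record[1], "->", inspect_request(*record))
```

Standard access logs usually omit POST bodies, so on such logs only the route check can fire; treat a hit on the route alone as a lead to investigate rather than a confirmed attempt.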