vBulletin, a popular CMS for online forums, is being widely exploited by various hackers. The vBulletin team released an announcement about a possible exploit in versions 4.1+ and 5+ of vBulletin. The announcement read:
“A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation.”


Details of the vBulletin 4.1.x and 5.x.x exploit released by the hacker:

    Find a vBulletin 4 or 5 target

    Make sure it has a /install/upgrade.php file in it

    Go to site.com/install/upgrade.php, right-click the page and view the source code. Find var CUSTNUMBER =


    Once found, copy it

    Upload this code anywhere: http://cur.lv/4w0k6
    Once uploaded, open the file
    After that, paste that CUSTNUMBER into the Customer I.D box (it will be something like 9c4818514a74338f980793e7426b2fb1)
    Fill in the other boxes such as site URL, Username, Password and Email.
    Once done, click Inject Admin and let the page load
    That's all; now go to the forum and log in with the login details you injected into the site.

How to patch the bug:

Remove the install directory.

    4.X – /install/
    5.X – /core/install
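
A way to check a server for the installer directories listed above, as an added example that is not from the original post or from vBulletin. The function name and the web root argument are assumptions; the two relative paths are the ones given in the list.

```shell
#!/bin/sh
# Added example: audit a vBulletin web root for leftover installer directories.
# check_vb_install_dirs is a hypothetical helper name; the web root path is
# supplied by the caller and is an assumption about the local layout.

# Prints one line per installer directory still present under the web root.
# Returns 0 when none remain, 1 when at least one is found, 2 on bad input.
check_vb_install_dirs() {
    webroot=$1
    if [ -z "$webroot" ] || [ ! -d "$webroot" ]; then
        echo "usage: check_vb_install_dirs <vbulletin-web-root>" >&2
        return 2
    fi
    found=0
    # 4.x keeps the installer in install/, 5.x in core/install
    for rel in install core/install; do
        dir=$webroot/$rel
        if [ -d "$dir" ]; then
            found=1
            if [ -f "$dir/upgrade.php" ]; then
                echo "PRESENT $dir (contains upgrade.php)"
            else
                echo "PRESENT $dir"
            fi
        fi
    done
    return $found
}
```

Source the file and call `check_vb_install_dirs` with the forum's web root; a non-zero return means a directory still needs to be removed.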
