vBulletin, a popular CMS for online forums, is being widely exploited by various hackers. The vBulletin team released an announcement about a possible exploit in versions 4.1+ and 5+ of vBulletin. The announcement read:
“A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation.”
Details of vBulletin 4.1.x and 5.x.x exploit released by the hacker:
Find a vBulletin 4 or 5 target
Make sure it has a /install/upgrade.php file in it
Go to site.com/install/upgrade.php and right click the page and see source code. Find var CUSTNUMBER =
Once found, copy it
Upload this code anywhere: http://cur.lv/4w0k6
Once uploaded, open the file
After that paste that CUSTNUMBER into the Customer I.D box (It will be something like 9c4818514a74338f980793e7426b2fb1)
Fill in the other boxes such as site URL, Username, Password and Email.
Once done, click Inject Admin and let the page load
That's all, now go to the forum and login with the login details which you injected the site with.
How to patch the bug:
Remove the install directory.
4.X – /install/
5.X – /core/install
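The removal can be verified on the server itself. The following is an added example, not code from the original post or from vBulletin: a shell audit that reports whether either installer directory listed above is still present under a web root, and lists access-log requests that reached install/upgrade.php. The function names, the web-root argument and the combined-log field positions are assumptions.

```shell
#!/bin/sh
# Added example: audit a vBulletin web root for leftover installer directories.
# Paths checked are the two named above: install (4.x) and core/install (5.x).

# Print each installer directory still present under the given web root.
# Exit status: 0 = none found, 1 = at least one found, 2 = bad argument.
vb_install_dirs() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    found=0
    for rel in install core/install; do
        if [ -d "$root/$rel" ]; then
            # upgrade.php is the installer script the article refers to
            if [ -f "$root/$rel/upgrade.php" ]; then
                echo "$rel (upgrade.php present)"
            else
                echo "$rel"
            fi
            found=1
        fi
    done
    return "$found"
}

# Print "client path status" for every logged request to install/upgrade.php.
# Assumption: combined log format, so $1 = client, $7 = path, $9 = status.
vb_upgrade_hits() {
    awk '$7 ~ /\/install\/upgrade\.php/ { print $1, $7, $9 }' "$1"
}

# Constructed demo data: a 4.x-style tree with the installer left in place,
# and three constructed log lines using documentation IP ranges.
demo=$(mktemp -d)
mkdir -p "$demo/www/install" && : > "$demo/www/install/upgrade.php"
cat > "$demo/access.log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /install/upgrade.php HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /install/upgrade.php HTTP/1.1" 200 310
EOF
vb_install_dirs "$demo/www" || echo "installer still deployed: remove the directory"
vb_upgrade_hits "$demo/access.log"
rm -rf "$demo"
```

A 200 status on these requests before the directory was removed is a reason to review the forum's administrator accounts.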