Category: IT|Aug 15, 2020 | Author: Admin

vBulletin Zero-Day Surfaces Online Following Patch Bypass

Share on

Recently, vBulletin addressed a zero-day vulnerability that was quickly exploited. The bug appeared as a result of bypassing the patch for a previously known and fixed vulnerability.

vBulletin Zero-Day Due To Failed CVE-2019-16759 Fix Reportedly, in 2019, a security researcher discovered a critical vulnerability in vBulletin 5.0 to 5.4. As revealed through the full disclosure, the bug could allow PHP remote code execution upon exploitation.

It received the CVE ID CVE-2019-16759 with a critical severity rating and a CVSS score of 9.8. Within three days of disclosure, the vendors deployed a fix for the flaw. However, recently, another security researcher Amir Etemadieh discovered that the fix had a security issue and could find a way to bypass the patch and exploit the flaw. He even shared the PoCs for it in Bash, Python, and Ruby.

Sharing the details in a blog post, the researcher revealed that the problems existed in the vBulletin template structure. As stated,

Specifically, templates aren’t actually written in PHP but instead are written in a language that is first processed by the template engine and then is output as a string of PHP code that is later ran through an eval() during the “rendering” process.

Furthermore, the templates could have numerous child templates after being nested. This structure triggered numerous security bugs. A bug in one template could expose other code too, including the parent template. Thus, the researcher could bypass the fix by exploiting the template “widget_tabbedcontainer_tab_panel” that had two features.


1. The templates ability to load a user controlled child template.
2. The template loads the child template by taking a value from a separately named value and placing it into a variable named “widgetConfig”.

He has also shared a detailed presentation for anyone to test the exploit. vBulletin Released Another Patch Upon discovering the flaw, the researcher did not disclose the vulnerability privately to the vendors and instead disclosed the details online. Shortly after the disclosure, attackers exploited the vulnerability to hack the DEFCON forum.

 

Sponsored Ads:

Comments:


Android's underappreciated upgrade advantage

Category: Google|Sep 24, 2021 | Author: Admin

No Electricity? A New Cooling System Uses Sunlight and Saltwater

Category: General|Sep 23, 2021 | Author: Admin

Slack begins rolling out video and audio message ‘clips’

Category: General|Sep 22, 2021 | Author: Admin

Roku's free OS 10.5 lets you dictate passwords, fixes pesky sound lags on headphones

Category: IT|Sep 21, 2021 | Author: Admin

Some good news and some strange news from Apple

Category: Apple|Sep 20, 2021 | Author: Admin

New Windows security updates break network printing

Category: Microsoft|Sep 19, 2021 | Author: Admin

Sent 700tb over 4 km of laser technology

Category: IT|Sep 18, 2021 | Author: Admin

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin
more