Category: IT|Aug 15, 2020 | Author: Admin

vBulletin Zero-Day Surfaces Online Following Patch Bypass

Share on

Recently, vBulletin addressed a zero-day vulnerability that was quickly exploited. The bug appeared as a result of bypassing the patch for a previously known and fixed vulnerability.

vBulletin.jpg

vBulletin Zero-Day Due To Failed CVE-2019-16759 Fix Reportedly, in 2019, a security researcher discovered a critical vulnerability in vBulletin 5.0 to 5.4. As revealed through the full disclosure, the bug could allow PHP remote code execution upon exploitation.

It received the CVE ID CVE-2019-16759 with a critical severity rating and a CVSS score of 9.8. Within three days of disclosure, the vendors deployed a fix for the flaw. However, recently, another security researcher Amir Etemadieh discovered that the fix had a security issue and could find a way to bypass the patch and exploit the flaw. He even shared the PoCs for it in Bash, Python, and Ruby.

Sharing the details in a blog post, the researcher revealed that the problems existed in the vBulletin template structure. As stated,

Specifically, templates aren’t actually written in PHP but instead are written in a language that is first processed by the template engine and then is output as a string of PHP code that is later ran through an eval() during the “rendering” process.

Furthermore, the templates could have numerous child templates after being nested. This structure triggered numerous security bugs. A bug in one template could expose other code too, including the parent template. Thus, the researcher could bypass the fix by exploiting the template “widget_tabbedcontainer_tab_panel” that had two features.


1. The templates ability to load a user controlled child template.
2. The template loads the child template by taking a value from a separately named value and placing it into a variable named “widgetConfig”.

He has also shared a detailed presentation for anyone to test the exploit. vBulletin Released Another Patch Upon discovering the flaw, the researcher did not disclose the vulnerability privately to the vendors and instead disclosed the details online. Shortly after the disclosure, attackers exploited the vulnerability to hack the DEFCON forum.

 

Sponsored Ads:

Comments:


Microsoft-365-headpic-24-04-25.png

Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Category: Microsoft|Apr 24, 2025 | Author: Admin
logo.png

Microsoft Exchange 2016 and 2019 reach end of support in six months

Category: Microsoft|Apr 23, 2025 | Author: Admin
android-22-04-25.png

Google adds Android auto-reboot to block forensic data extractions

Category: Google|Apr 22, 2025 | Author: Admin
Outlook-21-04-25.png

Microsoft warns of CPU spikes when typing in classic Outlook

Category: Microsoft|Apr 21, 2025 | Author: Admin
hertz-sign-20-04-25.png

Hertz confirms customer info, drivers' licenses stolen in data breach

Category: General|Apr 20, 2025 | Author: Admin
hacker-19-04-25.png

Cybersecurity firm buying hacker forum accounts to spy on cybercriminals

Category: IT|Apr 19, 2025 | Author: Admin
padlock-18-04-25.png

SSL/TLS certificate lifespans reduced to 47 days by 2029

Category: IT|Apr 18, 2025 | Author: Admin
RAT-17-04-25.png

New ResolverRAT malware targets pharma and healthcare orgs worldwide

Category: IT|Apr 17, 2025 | Author: Admin
DaVita-sign-16-04-25.png

Kidney dialysis firm DaVita hit by weekend ransomware attack

Category: General|Apr 16, 2025 | Author: Admin
Exchange_headpic-15-04-25.png

Microsoft Exchange 2016 and 2019 reach end of support in six months

Category: Microsoft|Apr 15, 2025 | Author: Admin
Meta-14-04-25.png

Meta to resume AI training on content shared by Europeans

Category: IT|Apr 14, 2025 | Author: Admin
ChatGPT-headpic-13-04-25.png

Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0

Category: IT|Apr 13, 2025 | Author: Admin
microsoft-365-malicious-email-12-04-15.png

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Category: Microsoft|Apr 12, 2025 | Author: Admin
Google_flare-11-04-25.png

Google's AI video generator Veo 2 is rolling out on AI Studio

Category: Google|Apr 11, 2025 | Author: Admin
ChatGPT-10-04-25.png

OpenAI wants ChatGPT to know you over your life with new Memory update

Category: IT|Apr 10, 2025 | Author: Admin
more