|
vBulletin 3.0.9 SQL-Injection
vBulletin 3.0.9 SQL-Injection
Arkadaşlar öncelikle vbulletin hakkında hayal kırıklığına uğradığımı belirtmek isterim... SQL-Injection: (Fixed in vB 3.0.9) =============== > /joinrequests.php: POST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0> > /admincp/user.php: GET: <do=find&orderby=username&limitnumber=[SQL-Injection]> GET: <do=find&orderby=username&limitstart=[SQL-Injection]> > /admincp/usertitle.php: GET: <do=edit&usertitleid=0XF> > /admincp/usertools.php: GET: <do=pmuserstats&ids=0XF> o XSS: (Fixed in vB 3.0.9) ===== > /admincp/css.php: GET: <do=doedit&dostyleid=1&group=[XSS]> > /admincp/index.php: GET: <redirect=[XSS]> > /admincp/user.php: GET: <do=emailpassword&email=[XSS]> > /admincp/language.php: GET: <do=rebuild&goto=[XSS]> > /admincp/modlog.php: GET: <do=view&orderby=[XSS]> > /admincp/template.php: GET: <do=colorconverter&hex=[XSS]> GET: <do=colorconverter&rgb=[XSS]> GET: <do=modify&expandset=[XSS] o Arbitrary File Upload: ======================= An user with access to administrator panel (e.g. (Co)Administrator) and the privilege to add avatars/icons/smileys is able to upload arbitrary files. An attacker is able to gain the ability to execute commands under the context of the web server. > /admincp/image.php: POST: <do=upload&table=avatar> POST: <do=upload&table=icon> POST: <do=upload&table=smilie> This issue is not addressed in vBulletin 3.0.9. o Unpatched Bugs: ================ > /modcp/announcement.php: POST: <do=update&announcementid=1&start=24-07-05&end=30-07-05 &announcement[0]=[SQL-Injection]> > /modcp/user.php: GET: <do=avatar&userid=0XF> There are still a lot of security related bugs in the administrator panel of the vBulletin software. An authorized user could elevate his privileges and read sensitive data. > /admincp/admincalendar.php: POST: <do=update&calendarid=1&calendar[daterange]=1970-2030& calendar[0]=[SQL-Injection]> POST: <do=updatemod&moderatorid=1&moderator[calendarid]=0XF> > /admincp/cronlog.php: POST: <do=doprunelog&cronid=0XF> POST: <do=prunelog&cronid=0XF> > /admincp/email.php: POST: <do=makelist&user[usergroupid][0]=[SQL-Injection]> > /admincp/help.php: POST: <do=doedit&help[script]=1&help[0]=[SQL-Injection]> > /admincp/language.php: POST: <do=update&rvt[0]=[SQL-Injection]> > /admincp/phrase.php: POST: <do=completeorphans&keep[0]=[SQL-Injection]> > /admincp/usertools.php: POST: <do=updateprofilepic> Even a privileged user should not be able to add posts, titles, announcements etc. with HTML/JavaScript-Code in it. > Not properly filtered: (XSS) </admincp/announcement.php> </admincp/admincalendar.php> </admincp/bbcode.php> </admincp/cronadmin.php> </admincp/email.php?do=genlist> </admincp/faq.php?do=add> </admincp/forum.php?do=add> </admincp/image.php?do=add&table=avatar/icon/smilie> </admincp/language.php> </admincp/ranks.php?do=add> </admincp/replacement.php?do=add> </admincp/replacement.php?do=edit> </admincp/template.php?do=addstyle> </admincp/template.php?do=edit> </admincp/usergroup.php?do=add> </admincp/usertitle.php> Çözüm : bbulletininizi sürekli güncelleyin ve bütün security(güvenlik) patchlerini(eklerini) ekleyin... |
| Forum saati GMT +3 olarak ayarlanmıştır. Şu an saat: 11:17 PM |
Yazılım: vBulletin® - Sürüm: 3.8.11 Copyright ©2000 - 2025, vBulletin Solutions, Inc.