vBulletin Zero-day Vulnerability Exploited!
vBulletin is one of the largest online forum softwares used today by many companies. It lets you create simple and resourceful discussion boards for a topic or a group. These are lucrative targets, as they hold extensive information about users’ personal data, their messages, and even financial information if transacted for a paid online forum. Even the smallest of forums have hundreds or thousands of users, making it a useful target over other content management sites like WordPress or Joomla. While this being the case, a zero-day bug (CVE-2019-16759) was found in vBulletin on September 24th, last year, but has a patch made available the very next day. Yet, it’s not adequate as per a new report. Amir Etemadieh, an Austin-based security researcher said the earlier patch for CVE-2019-16759 vulnerability wasn’t secure enough, as he’s able to exploit the patch and achieve the same results. Even before contacting the vBulletin team to inform them, he disclosed his findings along with proof-of-concept code in Ruby, Python, and Bash.
dork ; intext:“Powered by vBulletin"POCcurl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d ‘subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec(“id”); exit;’#bugbounty #bugbountytips pic.twitter.com/DfqLivsskG — h4x0r-dz (@h4x0r_dz) August 10, 2020 This soon picked up by adversaries to share among online communities, discord channels, Reddit, and Twitter. There’s even an online forum being hacked right after this publication – the DEF CON Security group which had its conference held last weekend. vBulletin came up with a patch for this immediately and suggests updating to avoid your discussion boards being hacked.