Security researcher publishes details and exploit code for a vBulletin zero-day

A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin, one of today's most popular forum software packages.
The zero-day is a bypass for the patch for a previous vBulletin zero-day, namely CVE-2019-16759, disclosed in September 2019.
The earlier zero-day allowed attackers to exploit a bug in the vBulletin template system to run malicious code and take over forums without needing to authenticate on the target sites (a type of bug known as a pre-auth RCE).
CVE-2019-16759 was disclosed on September 24, 2019, and a patch was provided the next day, on September 25.
New zero-day bypasses CVE-2019-16759 patch
However, in a blog post published late Sunday night, Austin-based security researcher Amir Etemadieh said the CVE-2019-16759 patch "was insufficient in blocking exploitation."
The researcher said he found a simple way to bypass the patch and continue to exploit the same CVE-2019-16759 vulnerability, and published proof-of-concept exploits in Bash, Python, and Ruby to prove his point.
Etemadieh told ZDNet he did not contact and notify the vBulletin team before going public with his findings. MH Sub I, LLC, the company that commercializes the vBulletin forum software, has not returned a request for comment.
Forums are a common target for hackers
Either way, the new zero-day code is live and has been widely shared on social media sites like Reddit and Twitter, and within hacking communities hosted on private forums and Discord channels.
0day RCE exploit on vBulletin 5xx
dork intext:”Run by vBulletin”
POC
curl -s http://Web-site/ajax/render/widget_tabbedcontainer_tab_panel -d ‘subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec(“id”) exit’ #bugbounty #bugbountytips pic.twitter.com/DfqLivsskG
— h4x0r-dz (@h4x0r_dz) August 10, 2020
The publication of the September 2019 zero-day triggered a massive wave of vBulletin hacks last year, resulting in several companies disclosing security breaches over the following months.
Forums, in general, are some of the most sought-after web systems to hack. The reason hackers place a premium on forums has to do with their function and the data they can steal.
Unlike most content management systems such as WordPress, Drupal, or Joomla, online forums like vBulletin are built for the sole and primary purpose of managing online communities, and, as a result, store large quantities of personal data.
A WordPress site may be used to run a wedding planner's or a lawyer's office website, but even the lowliest and most unimportant forums have thousands of registered user profiles holding sensitive user details, along with user posts, private messages, and sometimes even financial data, if the forums have pay-to-access features.
Nonetheless, even if Etemadieh didn't make it clear whether he notified the vBulletin team about his plans to disclose a zero-day, the researcher says forum owners can prevent exploitation by making the following changes to their forum settings.
- Go to the vBulletin administrator control panel.
- Click "Settings" in the menu on the left, then "Options" in the dropdown.
- Choose "General Settings" and then click "Edit Settings".
- Look for "Disable PHP, Static HTML, and Ad Module rendering" and set it to "Yes".
- Click "Save".
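For forum owners who also want to know whether the published request pattern has hit their site while the setting above is being rolled out, here is an added detection helper for request logs. It is written for this article and is not ZDNet's, the researcher's or vBulletin's code; the endpoint and parameter names come from the tweet quoted above, the tab-separated log format and the benign template name "widget_text" are constructed assumptions, and the code parameter carries a placeholder rather than a payload.

```python
"""Added example: flag requests shaped like the published vBulletin PoC,
i.e. a POST to the tabbed-container render endpoint that asks for the
widget_php template.  Not vBulletin's or ZDNet's code.  Needs a log that
keeps POST bodies (proxy/WAF log); plain access logs do not."""
from urllib.parse import parse_qs, urlparse

RENDER_PATH = "/ajax/render/widget_tabbedcontainer_tab_panel"  # from the tweet
PHP_TEMPLATE = "widget_php"                                     # from the tweet


def php_widget_slots(method, url, body):
    """Return the subWidgets[N] indices whose template is widget_php.
    An empty set means the request does not match the pattern."""
    if method.upper() != "POST":
        return set()
    # endswith() allows a forum installed under a sub-path such as /forum/
    if not urlparse(url).path.rstrip("/").endswith(RENDER_PATH):
        return set()
    params = parse_qs(body, keep_blank_values=True)
    slots = set()
    for key, values in params.items():
        if key.startswith("subWidgets[") and key.endswith("][template]"):
            if PHP_TEMPLATE in values:
                slots.add(key[len("subWidgets["):key.index("]")])
    return slots


def scan_log(lines):
    """Scan 'METHOD<TAB>URL<TAB>BODY' records (a constructed log format);
    return [(line number, sorted slot indices)] for matching requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        method, url, body = line.rstrip("\n").split("\t", 2)
        slots = php_widget_slots(method, url, body)
        if slots:
            hits.append((n, sorted(slots)))
    return hits


# Constructed sample records: "widget_text" is a made-up benign template
# and PLACEHOLDER_CODE stands in for whatever the attacker would send.
SAMPLE_LOG = [
    "GET\t/forum/\t",
    "POST\t/ajax/render/widget_tabbedcontainer_tab_panel\t"
    "subWidgets[0][template]=widget_text",
    "POST\t/forum/ajax/render/widget_tabbedcontainer_tab_panel\t"
    "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=PLACEHOLDER_CODE",
    "POST\t/ajax/render/widget_tabbedcontainer_tab_panel\t"
    "subWidgets[1][template]=widget_php&subWidgets[1][config][code]=",
]

if __name__ == "__main__":
    for n, slots in scan_log(SAMPLE_LOG):
        print(f"line {n}: widget_php requested for subWidgets {slots}")
```

A hit on an unauthenticated client is worth treating as an exploitation attempt regardless of what the code parameter contains, since the disabled-rendering setting above is the thing that stops the template from being executed.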
At the time of writing, at least one forum was confirmed to have been hacked using this new zero-day: the forum of the DEF CON security conference, which just recently concluded over the weekend.
Updated at 19:30 ET to add that the vBulletin team has released a patch. MITRE has assigned this new zero-day the identifier CVE-2020-17496.