
Critical Zero-Day Dropped for vBulletin Version 5.x [Exploit Code]

Unpatched Critical 0day for vBulletin 5.x
An anonymous hacker has published full details, along with exploit code, for an unpatched, critical remote code execution bug in vBulletin. At this time the bug has not been assigned a CVE number, but its severity is critical because it can be exploited remotely and doesn't need any authorization.

vBulletin is one of the most popular internet forum software packages, running on more than 100,000 websites.

The details and the proof-of-concept were published on the Full Disclosure mailing list. According to the post, the hacker found a remote code execution vulnerability in vBulletin versions 5.0.0 through the latest, 5.5.4.

According to the exploit code, the bug appears to reside in a widget file of the forum software package, which accepts configuration requests via URL parameters and then parses them on the server without security checks. This improper validation during parsing allows an attacker to inject and execute commands on the system remotely.

Because the hacker has already published the exploit code, which is written in Python, it is easy for others to exploit the vulnerability. There is no patch available for the bug yet, nor have we seen any comment from the vBulletin developers.
