Enable build support by adding .buildspec.yml
README.md | Loading last commit info... | |
vbulletin-movepm-poi.php |
README.md
--------------------------------------------------------------
vBulletin <= 5.5.2 (movepm) PHP Object Injection Vulnerability
--------------------------------------------------------------
author..............: Egidio Romano aka EgiX
mail................: n0b0d13s[at]gmail[dot]com
software link.......: https://www.vbulletin.com
+-------------------------------------------------------------------------+
| This proof of concept code was written for educational purpose only. |
| Use it at your own risk. Author will be not responsible for any damage. |
+-------------------------------------------------------------------------+
[-] Vulnerability Description:
User input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is
not properly sanitized before being used in a call to the unserialize() PHP function. This can
be exploited by malicious users to inject arbitrary PHP objects into the application scope,
allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
[-] Technical writeup:
http://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection