Who wants to be an admin?

**Ominous Gamer** · 10-09-2013, 04:53 PM

http://www.net-security.org/secworld.php?id=15743

vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. vBulletin is currently positioned 4th in the list of installed CMS sites on the Internet. Hence, the threat potential is huge.

Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker’s methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site.

cant remember if we had an exploit thread, and figured it be more use here than in general discussion.

**Wraith** · 10-09-2013, 07:38 PM

The fix for this was done here ages ago. We're not vulnerable to this particular attack.

**Ominous Gamer** · 10-09-2013, 08:00 PM

figured

Thread: Who wants to be an admin?

Thread Tools

Search Thread

Display

Who wants to be an admin?

Posting Permissions