Tuesday, March 19, 2024

vBulletin Forum Software RCE Zero-day Exploit Published Online By Anonymous Hacker – Unpatched

An anonymous hacker publicly disclosed an unpatched vBulletin forum software pre-auth RCE Zero-day Exploit.

vBulletin is one of the most popular and widely used forum software which is written in PHP, and the new version of vBulletin software release just 20 days ago.

According to the Exploit writer who has posted in the exploit code in online said “This should work on all versions from 5.0.0 till 5.5.4”

It’s unclear why the researcher discloses the exploit in public instead of reporting to the vBulletin team, and if he did this, the researcher would have to make up to $10000 as a bug bounty reward since the exploitable RCE vulnerability belongs to “Critical” severity category.

GBHackers Team analyzed the code and confirmed that the vulnerability allows attackers to execute a remote command via widgetConfig[code] parameter and inject the shellcode in the forum server where the vBulletin installation package resides.

The disclosed exploit code takes advantage of the vulnerability that existing up to vBulletin 5.4 version due to improper validation in “ajax/render/widget_php” during the time of processing data through “widgetConfig[code]” HTTP POST parameter. you can have a look at the following python script published by the researcher online. 

vBulletin RCE Zero-day Exploit code

An attacker doesn’t need to have an account on the forum that used vBulletin software version 5.4 and below to exploit the vulnerability, and the attacker can send a specially crafted HTTP POST request to execute the arbitrary code in the targeted forum.

The researcher called this vulnerability as “pre-auth Remote code execution” which is categorized as a critical severity, and the successful exploit this vulnerability may result in the complete compromise of a vulnerable system remotely.

There are very few percentages (less than 1 %) of the total website on the internet used the vBulletin forum software, but there are millions of users who have registered in the forum are now affected.

There is no patch published yet, We may expect the vBulletin team fix the vulnerability and release the patch soon.

Stay tuned, we will update here once we get the patch update.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: Microsoft Emergency Patch – IE Zero-day Vulnerability Let Hackers Execute Arbitrary Code Remotely in Windows PC

Website

Latest articles

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...

ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits.Aiohttp...

Hackers Launching AI-Powered Cyber Attacks to Steal Billions

INTERPOL's latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled...

Fujitsu Hacked – Attackers Infected The Company Computers with Malware

Fujitsu Limited announced the discovery of malware on several of its operational computers, raising...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles