[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?
Michael Sims
jellicle at gmail.com
Tue Oct 14 12:07:05 EDT 2008
On Tuesday 14 October 2008, mikesz at qualityadvantages.com wrote:
> I only work on vBulletin and I always make sure I have the latest stuff
> installed. Earlier versions didn't have problem but since 3.7 seems like
> the badguys have found a way to just bypass the whole registration
> process. Like I said in the previous post with captcha and moderation
> turned on, they still end up in the "registered" member queue. I have not
> a clue how they got there.
>
> I am trapping $_REQUEST to retrieve as much as I can from the form
> submission to try to analyze what's going on, the software is indeed
> using $_POST, sorry for the miscommunication.
Through SQL injection, the bad guys need not approach through the front-door
registration process. Perhaps some query on a random page somewhere is
being hijacked: Get the stupid widget from the stupid table, and oh, by the
way, insert this new user into the registered members table.
I'm not familiar with vBulletin but if you can grep through ALL the queries
being executed on your site, and search for the new badguy usernames that
are being injected into your table, then you can find which query is being
used to add them. It need not be anywhere on the registration page.
Michael Sims
More information about the talk
mailing list