NYCPHP Meetup

NYPHP.org

[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?

Ben Sgro ben at projectskyline.com
Wed Jun 10 13:29:46 EDT 2009 

Hey,

Have you searched for exploits for this 3.7 version? Who knows, maybe 
something is public and hasn't been patched yet. Also, I'd do a little 
research
and see if someone is distributing some kinda vBulletin pwnage attack 
suite or similar. If you can find something, dig through the source and 
I'm sure you can
secure against such attacks.

I can't imagine there are tons' of 0days for this type of stuff sitting 
around...its got to surface sooner or later.

Also, maybe you could log all SQL queries (if you feel its SQL 
injection) - You'll quickly find the offending query. However, I find it 
hard to believe that
any modern, up to date web application is not using binded queries. But 
who knows. I have zero experience with vBulletin.

Another option would be to setup a honey pot with vBulletin on it. 
You'll find the exploit with that, probably rather quickly, but this 
does require a good amount of effort
if your new to honey pots.

Good luck - and let us know,

- Ben

Brian Williams wrote:
> if it has only started happening with the latest version i would check 
> the vBulletin forums and see if there is a fix for the bug, or to even 
> make sure they know about it.
>
>
>
> On Tue, Oct 14, 2008 at 11:48 AM, <mikesz at qualityadvantages.com 
> <mailto:mikesz at qualityadvantages.com>> wrote:
>
>     Hello Brian,
>
>
>     Thanks for the reply...
>
>
>     I only work on vBulletin and I always make sure I have the latest
>     stuff installed. Earlier versions didn't have problem but since
>     3.7 seems like the badguys have found a way to just bypass the
>     whole registration process. Like I said in the previous post with
>     captcha and moderation turned on, they still end up in the
>     "registered" member queue. I have not a clue how they got there.
>
>
>     I am trapping $_REQUEST to retrieve as much as I can from the form
>     submission to try to analyze what's going on, the software is
>     indeed using $_POST, sorry for the miscommunication.
>
>
>     -- 
>
>     Best regards,
>
>      mikesz                            mailto:mikesz at qualityadvantages.com
>
>
>     _______________________________________________
>     New York PHP Community Talk Mailing List
>     http://lists.nyphp.org/mailman/listinfo/talk
>
>     NYPHPCon 2006 Presentations Online
>     http://www.nyphpcon.com
>
>     Show Your Participation in New York PHP
>     http://www.nyphp.org/show_participation.php
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

More information about the talk mailing list