[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?
Elijah Insua
tmpvar at gmail.com
Wed Jun 10 13:35:09 EDT 2009
Hello,
little bit of this, little bit of that, and some google :
http://jamesseligman.net/is-vbulletin-37-recaptcha-verification-flawed/
-- Elijah
On Wed, Jun 10, 2009 at 1:29 PM, Ben Sgro <ben at projectskyline.com> wrote:
> Hey,
>
> Have you searched for exploits for this 3.7 version? Who knows, maybe
> something is public and hasn't been patched yet. Also, I'd do a little
> research
> and see if someone is distributing some kinda vBulletin pwnage attack suite
> or similar. If you can find something, dig through the source and I'm sure
> you can
> secure against such attacks.
>
> I can't imagine there are tons' of 0days for this type of stuff sitting
> around...its got to surface sooner or later.
>
> Also, maybe you could log all SQL queries (if you feel its SQL injection) -
> You'll quickly find the offending query. However, I find it hard to believe
> that
> any modern, up to date web application is not using binded queries. But who
> knows. I have zero experience with vBulletin.
>
> Another option would be to setup a honey pot with vBulletin on it. You'll
> find the exploit with that, probably rather quickly, but this does require a
> good amount of effort
> if your new to honey pots.
>
> Good luck - and let us know,
>
> - Ben
>
> Brian Williams wrote:
>
>> if it has only started happening with the latest version i would check the
>> vBulletin forums and see if there is a fix for the bug, or to even make sure
>> they know about it.
>>
>>
>>
>> On Tue, Oct 14, 2008 at 11:48 AM, <mikesz at qualityadvantages.com <mailto:
>> mikesz at qualityadvantages.com>> wrote:
>>
>> Hello Brian,
>>
>>
>> Thanks for the reply...
>>
>>
>> I only work on vBulletin and I always make sure I have the latest
>> stuff installed. Earlier versions didn't have problem but since
>> 3.7 seems like the badguys have found a way to just bypass the
>> whole registration process. Like I said in the previous post with
>> captcha and moderation turned on, they still end up in the
>> "registered" member queue. I have not a clue how they got there.
>>
>>
>> I am trapping $_REQUEST to retrieve as much as I can from the form
>> submission to try to analyze what's going on, the software is
>> indeed using $_POST, sorry for the miscommunication.
>>
>>
>> --
>> Best regards,
>>
>> mikesz mailto:mikesz at qualityadvantages.com
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20090610/8797fec4/attachment.html>
More information about the talk
mailing list