NYCPHP Meetup

NYPHP.org

[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?

Ben Sgro ben at projectskyline.com
Wed Jun 10 13:34:16 EDT 2009


haha sorry - email client went crazy!

Ben Sgro wrote:
> Hey,
>
> Have you searched for exploits for this 3.7 version? Who knows, maybe 
> something is public and hasn't been patched yet. Also, I'd do a little 
> research
> and see if someone is distributing some kinda vBulletin pwnage attack 
> suite or similar. If you can find something, dig through the source 
> and I'm sure you can
> secure against such attacks.
>
> I can't imagine there are tons' of 0days for this type of stuff 
> sitting around...its got to surface sooner or later.
>
> Also, maybe you could log all SQL queries (if you feel its SQL 
> injection) - You'll quickly find the offending query. However, I find 
> it hard to believe that
> any modern, up to date web application is not using binded queries. 
> But who knows. I have zero experience with vBulletin.
>
> Another option would be to setup a honey pot with vBulletin on it. 
> You'll find the exploit with that, probably rather quickly, but this 
> does require a good amount of effort
> if your new to honey pots.
>
> Good luck - and let us know,
>
> - Ben
>
> Brian Williams wrote:
>> if it has only started happening with the latest version i would 
>> check the vBulletin forums and see if there is a fix for the bug, or 
>> to even make sure they know about it.
>>
>>
>>
>> On Tue, Oct 14, 2008 at 11:48 AM, <mikesz at qualityadvantages.com 
>> <mailto:mikesz at qualityadvantages.com>> wrote:
>>
>>     Hello Brian,
>>
>>
>>     Thanks for the reply...
>>
>>
>>     I only work on vBulletin and I always make sure I have the latest
>>     stuff installed. Earlier versions didn't have problem but since
>>     3.7 seems like the badguys have found a way to just bypass the
>>     whole registration process. Like I said in the previous post with
>>     captcha and moderation turned on, they still end up in the
>>     "registered" member queue. I have not a clue how they got there.
>>
>>
>>     I am trapping $_REQUEST to retrieve as much as I can from the form
>>     submission to try to analyze what's going on, the software is
>>     indeed using $_POST, sorry for the miscommunication.
>>
>>
>>     --
>>     Best regards,
>>
>>      mikesz                            
>> mailto:mikesz at qualityadvantages.com
>>
>>
>>     _______________________________________________
>>     New York PHP Community Talk Mailing List
>>     http://lists.nyphp.org/mailman/listinfo/talk
>>
>>     NYPHPCon 2006 Presentations Online
>>     http://www.nyphpcon.com
>>
>>     Show Your Participation in New York PHP
>>     http://www.nyphp.org/show_participation.php
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>



More information about the talk mailing list