Ads vbulletin security Alert Sunday, 14 May 2006 #---------------------------------------------------------- #Discovered by: Aura #ARIA - SECURITY TEAM #Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r #----------------------------------------------------------- » Vendor: Vbulletin » Summary: vbulletin is a powerfull Forum System »Description An administrator user may upload CSS Code thats obteining a phpshell ,and chose it from the vbulletins style choser. So when he chose it he will see the phpshell. Here is an example of the css file http://b3hr0uz.persiangig.com/VbStyleVuln.txt in this file the xml obtein a phpshell so the user have to upload the xml file and then chose his style and thats it . Note : dont forget to chose ignore style version ( :P ) and also that youll maybe think about this isnt a bug actualy u can make your access to the server with stealling the administrator password Discovered By Aria-Security Team (Aura - Outlaw - Rayden) » Solution No Solution . ( maybe by password protection from you cpanel) contact: This email address is being protected from spam bots, you need Javascript enabled to view it   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.