Saturday, October 12, 2013

vBulletin exploit in the wild

vBulletin CMS is under attack by cyber criminals which exploited the vulnerability that allows to create new administrative accounts. Back in August, users of versions in the 4.1+ and 5+ series were advised to delete the /install/ or /core/install/ directories (depending on version) as a workaround against the bug, but vBulletin didn't advise of the impact of the problem. The vulnerability allows admin account injection using vulnerable PHP code. The author of the article, Barry Shteiman of Imperva, notes that the exploit code and technique were found on hacker forums, meaning that the exploit is in the wild. <more>

No comments: