Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Quote:A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums.
 
Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-based security researcher Amir Etemadieh published details and examples of exploit code on three developer platforms – Bash, Python and Ruby – for the patch in a post published Sunday night.
 
On September 23, 2019, an unidentified security researcher released exploit code for a flaw that allowed for PHP remote code execution in vBulletin 5.0 through 5.4, Etemadieh wrote.
 
The zero-day, CVE-2019-16759, is called a pre-auth RCE bug, which can allow an attacker to run malicious code and take over forums without needing to authenticate on the sites that are under attack.
 
“This bug (CVE-2019-16759) was labeled as a ‘bugdoor’ because of its simplicity by a popular vulnerability broker and was marked with a CVSS 3.x score of 9.8 giving it a critical rating,” he said in the post.

A patch was issued two days later, Sept. 25, 2019, that “seemed, at the time, to fix the proof of concept exploit provided by the un-named finder,” Etemadieh said.

Source: https://threatpost.com/researcher-publis...aw/158232/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096