vBulletin 'backup.php' May Disclose Backup File to Remote Users
|
|
SecurityTracker Alert ID: 1014805
|
|
SecurityTracker URL: http://securitytracker.com/id?1014805
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 29 2005
|
Impact: Disclosure of system information, Disclosure of user information
|
Version(s): 3.0
|
Description: M@fia from crouz security team reported a vulnerability in vBulletin. A remote user may be able to obtain forum backups.
The 'backup.php' script creates a database backup file that is not password protected and is not encrypted. If the administrator
selects the same directory as the forum for the location of the backup file, then a remote user that can guess the filename can
download the file to obtain usernames, hashed passwords, and other information.
[Editor's note: The example shown in the vendor's
documentation uses a directory in the web document path.]
|
Impact: A remote user may be able to obtain forum backups.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.vbulletin.com/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: mahdi mafia <mahdi.mafia@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 27 Aug 2005 03:26:10 +0430
From: mahdi mafia <mahdi.mafia@gmail.com>
Subject: security hole in all version ofvbulletin forum
|
hi
a security bug in backup.php in all version of vbulletin forums
the backup file is'nt have any password
and anyone can see this
it has all hashed passwords
&
mapper software can find them
exapmle website=3Dwww.vbulletin.com
please reply this mail quickly
If you need more information mail to me
---------------
by M@fia
crouz security team
|
|
