vBulletin SCANU’s vBFinder Plugin – Authorization Bypass

Plugin: http://www.vbulletin.org/forum/showthread.php?t=299490
Version: <= 0.2 (latest) The mistake in this plugin is that the author did not add any checks in the connecter file, he doesn't check if the user is currently logged in as an administrator. We can simply exploit this by making a .html file and by pointing all URL references to the admincp of a forum with this plugin. Proof of concept:






This will establish a connection to the vulnerable host and will pop-up the file manager.
You can now download/upload/delete anything you want and browse through all of the files.

Leave a Reply

Your email address will not be published / Required fields are marked *