Potential Phishing Vector

Discussion in 'vBulletin Discussions' started by News Bot, Jun 2, 2011.

  1. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

    This has been identified as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal. Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

    Generic example of the Phishing Attempt:

    • User can post a fake thread inviting others to reset their passwords using the provided link
    • User edits the link to append an incorrect “last location” to the URL, therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
    • For example: http://www.vbulletin.com/forum/login...www.google.com
    • Instead of Google.com in this example the user would go to a fake site where they could potentially be tricked into submitting real information.
    This vector was reported by:

    Robert Gilbert
    HALOCK Security Labs
    http://blog.halock.com


    Continue reading...
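    The advisory above describes the classic open-redirect shape: a post-login "last location" value that the application follows without checking where it points. As an added example (not code from the thread or from vBulletin itself), the Python check below resolves a requested redirect target the way a browser would and only honours it when it stays on the forum's own host; the host, base URL and fallback path are assumed values taken from the advisory's example.

```python
from urllib.parse import urljoin, urlsplit

# Assumed values for this example: the forum's own host, the login page's base URL,
# and the path users are sent to when the requested target is not trusted.
SITE_HOST = "www.vbulletin.com"
BASE_URL = "http://www.vbulletin.com/forum/"
FALLBACK = "/forum/"


def normalise_target(target: str) -> str:
    """Mimic the browser's pre-parsing so we judge the URL the browser will actually use:
    strip surrounding whitespace, drop embedded tabs/newlines, and treat backslashes as
    slashes (browsers do this for http/https, so "/\\host" becomes "//host")."""
    cleaned = "".join(ch for ch in target.strip() if ch not in "\t\r\n")
    return cleaned.replace("\\", "/")


def is_safe_redirect(target: str, site_host: str = SITE_HOST, base: str = BASE_URL) -> bool:
    """True only if `target`, resolved against the site like a browser would, stays on site_host."""
    if not target:
        return False
    resolved = urljoin(base, normalise_target(target))
    parts = urlsplit(resolved)
    # Only plain web schemes; "javascript:" and friends are never a redirect destination.
    if parts.scheme not in ("http", "https"):
        return False
    # Compare the whole authority, so "trusted@evil" and "host:port" variants fail the check.
    return parts.netloc.lower() == site_host


def safe_redirect_target(target: str, fallback: str = FALLBACK) -> str:
    """Return the resolved on-site URL for `target`, or the fallback when it is not safe."""
    if is_safe_redirect(target):
        return urljoin(BASE_URL, normalise_target(target))
    return fallback


if __name__ == "__main__":
    # Constructed sample targets: relative paths stay on site, the rest leave it.
    samples = [
        "showthread.php?t=1",
        "http://www.vbulletin.com/forum/",
        "//www.google.com",
        "/\\www.google.com",
        "http://www.vbulletin.com@www.google.com/",
    ]
    for sample in samples:
        print(f"{sample!r:45} -> {'allow' if is_safe_redirect(sample) else 'block'}")
```

    Rejected targets fall back to a fixed on-site page rather than being "fixed up", so a crafted link can never steer a user off the forum after a successful login.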
     
  2. Kaiser

    Kaiser Regular Member

    Joined:
    Nov 15, 2010
    Messages:
    6,744
    Likes Received:
    1,132
    Hope they get this patched soon now that they just pretty much showed us how to do it..
     
  3. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    sometimes I swear that VB are run by a load of idiots, cos although it's been identified, why are they telling people how to do it...
     
  4. Kaiser

    Kaiser Regular Member

    Joined:
    Nov 15, 2010
    Messages:
    6,744
    Likes Received:
    1,132
    I know... especially when they don't have a patch out for it. Have you noticed that it just keeps getting worse for vBulletin with all the exploits.. one after the other.
     
  5. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    I know...it's crazy, you think they would at least have their software get professionally audited like phpBB3 had done before it went gold...
     
    Kaiser likes this.
  6. Kaiser

    Kaiser Regular Member

    Joined:
    Nov 15, 2010
    Messages:
    6,744
    Likes Received:
    1,132
    It goes to show you how stable it really is..
     
    Ashley.S. likes this.
  7. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    Yea, I guess it does. It makes me glad that I had to switch back to phpBB3 and not buy a new VB license
     
    Kaiser likes this.