Friday 6 November 2015

Exploit For vBulletin Serious Flaw Made Public


Internet is an exploit for a serious vulnerability in the popular forum software vBulletin appeared, allowing attackers simply unpatched websites can take over. Last week vBulletin's website was hacked. Then followed a password reset to 345 000 users.

Last Monday vBulletin published a security update. According to security firm Sucuri vulnerability has been attacked since the end of October and that are easy to abuse. Through the vulnerability allows an attacker to execute arbitrary commands on a vulnerable website. Sucuri also states that vBulletin.com last week using this vulnerability has been hacked and defaced.

Now the exploit was made public administrators advised to get their website as soon as possible to patch. Through the attack, an attacker can completely take over the website viz. At present there are only perceived attacks against several large websites, but Daniel Cid Sucuri warns that this is likely to change soon as the exploit is included in automated attack programs.

No comments:

Post a Comment