Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

vBulletin 4.1.3 Open Redirect

🗓️ 03 Jun 2011 00:00:00Reported by Robert GilbertType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 32 Views

Open Redirect in vBulletin 4.1.

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2011-5251
31 Dec 201220:00
cve
Cvelist		CVE-2011-5251
31 Dec 201220:00
cvelist
EUVD		EUVD-2011-5150
7 Oct 202500:30
euvd
NVD		CVE-2011-5251
31 Dec 201220:55
nvd
Prion		Open redirect
31 Dec 201220:55
prion
RedhatCVE		CVE-2011-5251
22 May 202501:53
redhatcve
`Product: vBulletin  
Version: 3 - 4.1.3  
Release Date: 06/02/2011  
Risk: Low  
Authentication: Not required to exploit.  
Remote: Yes  
  
Description:   
Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the "url" parameter. By appending ?url=http://attackersite.com any number of pages, the user will be redirected to a potentially dangerous site. This is particularly interesting when used on the registration form or the password reset form.   
  
Exploit Example:  
http://forum.pwndshop.com/register.php?do=checkdate&url=http://attackersite.com  
  
Vendor Notified: Yes  
  
Reference:   
http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441  
https://www.owasp.org/index.php/Open_redirect  
  
Credit:  
  
Robert Gilbert  
Senior Consultant  
HALOCK Security Labs, Purpose Driven Security(tm)  
rgilbert [-at-] halock [-dot-] com   
http://www.halock.com   
http://blog.halock.com   
  
  
Note: This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, and/or confidential. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and delete this message immediately.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jun 2011 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.00208
vbulletin 4.1.3open redirectremote attackphishingvulnerabilityrobert gilbert
32