Product: vBulletin Version: 3 - 4.1.3 Release Date: 06/02/2011 Risk: Low Authentication: Not required to exploit. Remote: Yes
Description: Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the "url" parameter. By appending ?url=http://attackersite.com any number of pages, the user will be redirected to a potentially dangerous site. This is particularly interesting when used on the registration form or the password reset form.
Exploit Example: http://forum.pwndshop.com/register.php?do=checkdate&url=http://attackersite.com
Vendor Notified: Yes
Reference: http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441 https://www.owasp.org/index.php/Open_redirect
Robert Gilbert Senior Consultant HALOCK Security Labs, Purpose Driven Security(tm) rgilbert [-at-] halock [-dot-] com http://www.halock.com http://blog.halock.com
Note: This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, and/or confidential. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and delete this message immediately.