for this flaw and patch is released on
02-08-2011.
https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch
*Credits*
This vulnerability was discovered by Muhammad Haroon from Innovative
Solutions KSA. OWASP Chapter Lead of Pakistan. haroon
those SensePost guys an email at resea...@sensepost.com and tell
them how its blowing up.. I have it on pretty good authority they would
love to help..
/mh
--
Haroon Meer, SensePost Information Security |
http://www.sensepost.com/blog
confident of the integrity of the data.
(its why squeeza happlily does a transfer of binary files from the
server using just timing (and patience))
/mh
Ps.. checkout the paper on the same page for snippets of the sql we are
using..
--
Haroon Meer, SensePost Information Security
and)
easily extensible, and feedback is appreciated...
*Actually, we think its pretty cool, but we _are_ geeks who thought that
the coolest thing in Vegas this year was the .za vs .usa soccer match
that took place illegally in the Caesars car-park..
/mh
- --
Haroon Meer, SensePost Information
compromise) may not be able
to write files to most locations on my machine, and so prevents my
machine from being owned in the traditional sense, but wont stop me
from losing all of my data.
/mh
--
Haroon Meer, SensePost Information Security
PGP: http://www.sensepost.com/pgp/haroon.txt
Tel: +27 83786