Wednesday, March 11, 2020

vBulletin 5.0.0 SQL Vulnerability being sold for $1k

FastFlux December 19, 2012 Exploits, Security

A vBulletin zero-day has appeared on 1337day.com selling for $1,000 dollars, the researcher that discovered it goes by the name “Liz Vicious“.  The description also describes that it works on all 5.0 versions and is not patched.

This exploit owns any forum based on vBulletin 5. All versions. Still there is no CVE or patch. On this moment vBulletin 5.0.0 beta 21 is the last version and its affected, including the vendor’s site. Wow!

Many are wondering if it’s the same seller/researcher that discovered this patch and was selling it on Trojanforge.com which was being sold for $1,200 USD.

You can view proof of the zero-day in a youtube video below.

Tags

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …

Powered by ZeroSecurity
© Copyright 2020, All Rights Reserved