Thursday, January 27, 2022

vBulletin 5.0.0 SQL Vulnerability being sold for $1k

A vBulletin zero-day has appeared on selling for $1,000 dollars, the researcher that discovered it goes by the name “Liz Vicious“.  The description also describes that it works on all 5.0 versions and is not patched.

This exploit owns any forum based on vBulletin 5. All versions. Still there is no CVE or patch. On this moment vBulletin 5.0.0 beta 21 is the last version and its affected, including the vendor’s site. Wow!

Many are wondering if it’s the same seller/researcher that discovered this patch and was selling it on which was being sold for $1,200 USD.

You can view proof of the zero-day in a youtube video below.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …