View Single Post
Old 13 Jan 2014, 12:37
DemOnstar's Avatar
DemOnstar DemOnstar is offline
Join Date: Dec 2012
For those of us that are lazy.. Here's the jist of it.

Following my last post I think I've managed to fix the flash file... The problem was with the decompiled source. I managed to find the original Actionscript source code for YUI 2.9.0 here:

I used that to replace some of the decompiled source from uploader.swf and then recompiled with a REGEX to sanitise allowedDomain. The result is a working uploader.swf that passes the exploit proof of concept.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

If there are any proper Flash developers out there who can double check my code I will be happy to share the source!

DISCLAIMER: I am not a flash developer, I am just another vBulletin customer trying to keep his members happy! This file is provided free of charge for the benefit of the vBulletin community. You use it at your own risk! Please test before using on a live site!!
Reply With Quote