Posted by vB.Org System on 02 Jun 2011, 16:40
Potential Phishing Vector

We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

This has been identified as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal. Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

Generic example of the Phishing Attempt:
  • User can post a fake thread inviting others to reset their passwords using the provided link
  • User edits the link to append an incorrect “last location” to the URL, therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
  • For example: http://www.vbulletin.com/forum/login...www.google.com
  • Instead of Google.com in this example the user would go to a fake site where they could potentially be tricked into submitting real information.
This vector was reported by:

Robert Gilbert
HALOCK Security Labs
http://blog.halock.com
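As an added example (not vBulletin's code and not part of the post above): a check that a post-login "last location" value can only lead back into the forum's own host, plus a scan over constructed access-log lines for login requests that already carry an off-site target. The parameter name `url`, the hostname `www.vbulletin.com` and the `/login` path fragment are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "www.vbulletin.com"   # assumed: hostname of the forum we protect
RETURN_PARAM = "url"              # assumed: name of the "last location" field

def is_onsite_target(candidate, site_host=SITE_HOST):
    """True only if candidate can lead back into site_host and nowhere else."""
    if not candidate:
        return False
    # Browsers drop embedded tabs/newlines and treat a backslash like a slash,
    # so normalise the same way before parsing or a "/\evil" form slips by.
    cleaned = re.sub(r"\s", "", candidate).replace("\\", "/")
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative (//host) form: allow only http(s) on our
        # host; .hostname strips user@ and :port so those tricks do not pass.
        if parts.scheme not in ("http", "https") or parts.hostname != site_host:
            return False
        cleaned = parts.path or "/"
    # Whatever remains must be a single-slash, site-relative path.
    return cleaned.startswith("/") and not cleaned.startswith("//")

def safe_return_target(candidate, site_host=SITE_HOST):
    """Redirect target to actually use: the candidate, or the site root."""
    return candidate if is_onsite_target(candidate, site_host) else "/"

# Request line inside a combined-format access log entry.
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d"')

def offsite_return_targets(log_lines, site_host=SITE_HOST, param=RETURN_PARAM):
    """Yield (request, value) for login requests whose return parameter
    would have sent the user off site; useful for spotting seeded links."""
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        request = m.group(1)
        if "/login" not in urlsplit(request).path:
            continue
        for value in parse_qs(urlsplit(request).query).get(param, []):
            if not is_onsite_target(value, site_host):
                yield request, value

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jun/2011:16:40:01 +0000] "GET /forum/login.php?url=%2Fforum%2Fshowthread.php%3Ft%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jun/2011:16:41:12 +0000] "GET /forum/login.php?url=http%3A%2F%2Fwww.google.com%2F HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jun/2011:16:42:30 +0000] "GET /forum/login.php?url=%2F%2Fwww.google.com HTTP/1.1" 200 512',
]
```

Running `list(offsite_return_targets(SAMPLE_LOG))` flags the second and third entries and leaves the same-site first entry alone.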