Register Members List Search Today's Posts Mark Forums Read

Closed Thread
Thread Tools
Old 02 Jun 2011, 16:40
vB.Org System vB.Org System is offline
Join Date: Aug 2007
Potential Phishing Vector

We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

It has been identified this as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal . Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

Generic example of the Phishing Attempt:
  • User can post a fake thread inviting others to reset their passwords using the provided link
  • User edits the link to append an incorrect “last location” to url therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
  • For example:
  • Instead of in this example the user would go to a fake site where they could potentially be tricked into submitting real information.
This vector was reported by:

Robert Gilbert
HALOCK Security Labs

Closed Thread

Similar Threads
Thread Thread Starter Forum Replies Last Post
Integration with vBulletin vbMediaWiki Vector bepe vBulletin 4.x Add-ons 496 06 Dec 2017 19:00
Vector Statusicon Icons dj_f16 vBulletin Status Icon Sets 10 04 Mar 2011 21:05

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

New To Site? Need Help?

All times are GMT. The time now is 22:10.

Layout Options | Width: Wide Color: