Slashdot Mirror


Dangerous VBulletin Exploit In the Wild

An anonymous reader writes "vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker's methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site."

6 of 43 comments

  1. Lazy admins? by Anonymous Coward · Score: 3, Insightful

    When vBulletin itself suggests to remove all install directories after installing vBulletin, I'd put it down to lazy admins who can't be effed removing said directories when advised to in the first place. Hence the "Be sure to delete the install directories, they are a security risk" disclaimer.

    1. Re:Lazy admins? by Anonymous Coward · Score: 2, Insightful

      ...because having a default install configuration which allows total compromise of the site isn't incredibly irresponsible.

  2. Old news by Reez · Score: 4, Insightful

    This is old news (2013-08-27) even by Slashdot's standards. Forums that were vulnerable have probably all been hacked (then fixed) already ;)

  3. Re:Short form: by rsmith-mac · Score: 3, Insightful

    What's odd is that those directories shouldn't be public in the first place. You're supposed to remove them (or block them) once the install is done and before you turn the forum live.

  4. Re:I got hit by this... by NatasRevol · Score: 3, Insightful

    Deleting the install directory is a good idea for the install scripts to do.

    --
    There are two types of people in the world: Those who crave closure

  5. Re:Short form: by 2fuf · Score: 4, Insightful

    You're also not supposed to have security-compromising settings activated by default when you manufacture a software product. You know that there will always be people who run it in production straight out of the box.
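As an added example (not code from the Slashdot thread, its submitter, or vBulletin itself), here is a POSIX shell script that does what the summary's attack and the comments' advice both point at: it audits a vBulletin document root for installer directories left behind after setup, and either blocks them with an Apache .htaccess or deletes them outright. The directory names install/ and core/install/ are an assumption about common vBulletin layouts, not something the thread states, and every function name in the script is the example's own.

```shell
#!/bin/sh
# Added example (not from the Slashdot thread or vBulletin): audit a vBulletin
# document root for leftover installer directories, then block or remove them.
# The directory names in VB_INSTALL_DIRS are an assumption about common
# layouts (4.x ships install/, 5.x ships core/install/); adjust them to match
# whatever your own install notice told you to delete.

VB_INSTALL_DIRS="install core/install"

# Print each installer directory still present under the docroot ($1), one
# per line. Returns 0 when none are found, 1 when at least one is, 2 on
# bad input (an empty docroot would otherwise expand to paths like /install).
vb_find_install_dirs() {
    docroot=$1
    [ -n "$docroot" ] || return 2
    found=0
    for d in $VB_INSTALL_DIRS; do
        if [ -d "$docroot/$d" ]; then
            printf '%s\n' "$docroot/$d"
            found=1
        fi
    done
    return "$found"
}

# Write an Apache .htaccess into each leftover directory so the web server
# refuses to serve it even though the files stay on disk (handy if you want to
# keep the installer around for a later upgrade). Both 2.2 and 2.4 syntax are
# covered; an nginx deployment needs a "location ... { deny all; }" instead.
vb_block_install_dirs() {
    vb_find_install_dirs "$1" | while IFS= read -r dir; do
        cat > "$dir/.htaccess" <<'EOF'
# vBulletin installer directory: never serve this over HTTP.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
        printf 'blocked %s\n' "$dir"
    done
}

# Delete the leftover directories outright, which is what the vBulletin
# install notice asks for once the forum goes live.
vb_remove_install_dirs() {
    vb_find_install_dirs "$1" | while IFS= read -r dir; do
        rm -rf -- "$dir"
        printf 'removed %s\n' "$dir"
    done
}

# Entry point: vb_main DOCROOT [report|block|remove]. In report mode the exit
# status is 1 when leftovers exist, so it can run from cron after every upgrade.
vb_main() {
    docroot=$1
    mode=${2:-report}
    if [ ! -d "$docroot" ]; then
        printf 'no such docroot: %s\n' "$docroot" >&2
        return 2
    fi
    case $mode in
        report) vb_find_install_dirs "$docroot" && echo "clean: no installer directories under $docroot" ;;
        block)  vb_block_install_dirs "$docroot" ;;
        remove) vb_remove_install_dirs "$docroot" ;;
        *)      printf 'usage: %s DOCROOT [report|block|remove]\n' "$0" >&2; return 2 ;;
    esac
}

# Only dispatch when run as a script with arguments; sourcing the file just
# defines the functions so they can be reused from other scripts.
if [ "$#" -gt 0 ]; then
    vb_main "$@"
fi
```

Run it as `sh vb-install-audit.sh /var/www/forum` after every install or upgrade; a non-zero exit means an installer directory is still sitting in the docroot. Blocking is the stopgap for admins who want to keep the upgrader around, deleting is what the install notice actually asks for, and neither replaces the vendor's fix for the underlying issue the thread is about.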