CVE-2011-5251 – VBULLETIN – MULTIPLE OPEN REDIRECT

CVE-2011-5251 – VBULLETIN – MULTIPLE OPEN REDIRECT

Product: vBulletin
Version: 3 – 4.1.3
Release Date: 06/02/2011
Risk: Low
Authentication: Not required to exploit.
Remote: Yes

Description:
Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the “url” parameter. By appending ?url=http://attackersite.com to any number of pages, the user will be redirected to a potentially dangerous site. This is particularly interesting when used on the registration form or the password reset form.

Exploit Example:
http://forum.pwndshop.com/register.php?do=checkdate&url=http://attackersite.com

Vendor Notified: Yes

Reference:
http://www.securityfocus.com/archive/1/518239
http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441
https://www.owasp.org/index.php/Open_redirect