One group is trying to sell it for $2,000 (€1,480), payable in Bitcoin

Jul 21, 2014 11:49 GMT  ·  By

The exploit for the vBulletin SQL injection vulnerability has been published by Romanian Security Team (RST), the security researchers who reported it in the first place.

Nytro, one of the team members who last week provided us with information about the flaw and a video proof of its success, has posted the exploit on the group's forum, detailing how an attacker could reach the administrator data in the database of a forum running version 5.x of the vBulletin software.

He offered the code and all the details free of charge, although other groups appear to be selling the zero-day for as much as $2,000 (€1,480), payable in Bitcoin.

Nytro shows the entire exploit and reveals the bug that would allow an attacker to gain access to sensitive areas of the website. The root cause appears to be that the quote character in a user-controlled parameter was not escaped before the value was placed inside an SQL string literal, which lets an attacker close the literal early and append SQL of their own.

vBulletin was quick to release a fix, which became publicly available a day after RST reported the vulnerability on their forum.

The latest vBulletin patch ensures that the value is escaped before it reaches the query, closing this injection vector.
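As an added illustration, not RST's exploit and not vBulletin's code: a minimal Python/SQLite lookup that reproduces the class of bug described above (a controlled value dropped into a string literal with its quote unescaped), alongside an escaped version of the same query and a parameterized one. The table, rows, payload and escaping convention are all constructed assumptions for the demo; the actual vBulletin parameter and query are not on this page.

```python
import sqlite3

# Constructed sample schema and rows, loosely modelled on a forum user table.
# This is NOT vBulletin's schema, code or data.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, usergroupid INTEGER)"
    )
    con.executemany(
        "INSERT INTO user VALUES (?, ?, ?, ?)",
        [
            (1, "admin", "constructed-admin-hash", 6),
            (2, "alice", "constructed-user-hash", 2),
        ],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, username: str) -> list:
    """The bug class the article describes: the quote in the controlled value
    is not escaped, so the value is pasted straight into the string literal."""
    sql = (
        "SELECT userid, username, password FROM user "
        "WHERE username = '" + username + "'"
    )
    return con.execute(sql).fetchall()


def lookup_escaped(con: sqlite3.Connection, username: str) -> list:
    """Same query shape, but the quote is escaped before it enters the literal.
    SQLite escapes a single quote by doubling it; MySQL's
    mysql_real_escape_string() backslashes it instead. Which routine the real
    patch uses is an assumption: the article only says the value is escaped."""
    sql = (
        "SELECT userid, username, password FROM user "
        "WHERE username = '" + username.replace("'", "''") + "'"
    )
    return con.execute(sql).fetchall()


def lookup_parameterized(con: sqlite3.Connection, username: str) -> list:
    """The stronger fix: bind the value as a parameter so it is never part of
    the SQL text at all, regardless of what characters it contains."""
    return con.execute(
        "SELECT userid, username, password FROM user WHERE username = ?",
        (username,),
    ).fetchall()


# Constructed payload: closes the string literal and appends a condition that
# is always true, turning a single-user lookup into a dump of every row.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run the payload through all three variants and return the usernames
    each one leaks, plus a legitimate lookup for comparison."""
    con = make_db()
    return {
        "vulnerable": [r[1] for r in lookup_vulnerable(con, PAYLOAD)],
        "escaped": [r[1] for r in lookup_escaped(con, PAYLOAD)],
        "parameterized": [r[1] for r in lookup_parameterized(con, PAYLOAD)],
        "legit": [r[1] for r in lookup_parameterized(con, "admin")],
    }


if __name__ == "__main__":
    for name, users in demo().items():
        print(f"{name:14s} -> {users}")
```

The vulnerable variant returns every user, including the administrator record and its password hash, because the injected quote terminates the literal; the escaped and parameterized variants treat the whole payload as a username and match nothing. Escaping fixes the specific bug, but binding parameters is the form a code reviewer should ask for, since it removes the quoting question entirely.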

As Nytro says, the exploit is not too complex, and currently few forums run a vBulletin version vulnerable to it.