vBulletin security patches and zero-day exploit available online

Rumors on the Internet says that the hackers who breached vBulletin forum website exploited a zero-day flaw, the company issued emergency security patches.

On Sunday, the vBulletin official website has been hacked, according to DataBreaches.net, vBulletin, Foxit Software forums have been hacked by Coldzer0 that has stolen hundreds of thousands of users’ records.

The hacker published screenshots that show he managed to upload a shell to the vBulletin forum website and accessed user personal information, including user IDs, names, email addresses, security questions and answers, and password salts).

In response to the attack, VBulletin Solutions has reset the passwords for over 300,000 accounts on the official website, and The vBulletin technical support has released an emergency security patch release for versions 5.1.4 through 5.1.9 of the vBulletin Internet forum software.

“Very recently, our security team discovered a sophisticated attack on our network. Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems,” explained a vBulletin support manager.

It’s not clear if the patches were released because the attacker exploited a zero-day flaw in the platform, the hacker in fact claimed to have compromised the vBulletin.com database exploiting an unknown vulnerability. On Monday, the hacker using the online moniker “Coldzer0” started offering for sale a zero-day vBulletin exploit (“vBulletin 5.x.x Remote Code Execution 0day Exploit”) on a website that specializes in the exploit trading.

Tuesday, after vBulletin released the security patches, a the Twitter account @_cutz published the details of a remote code execution flaw in vBulletin. The experts speculate the existence of the flaw for the past three years.

The offer also includes a video POC of the vBulleting zero-day Exploit:

 

vBulletin is a very popular platform, it is used by more than 100,000 community websites, including some operated by Electronic Arts, Sony Pictures and Valve Corporation.

VBulletin is urging all users to update their installations as soon as possible.

Pierluigi Paganini

(Security Affairs – vBulletin forum, hacking)