CVE-2011–5251: vBulletin — Unvalidated Redirects

Migrating CVE-2011–5251 publication to Medium.com as part of my Personal CVE-ID Migration Project. This was originally published June 2, 2011. The only major change is moving the CVSS from version 2.0 to 3.1, and updated the title from “Multiple Open Redirects” to “Unvalidated Redirects”.

Description

Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the “url” parameter. By appending ?url=http://attackersite.com to any number of pages, the user will be redirected to a potentially dangerous site. This is particularly interesting when used on the registration form or the password reset form.

Severity

CVSS v3.1 Vector (Medium): AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C

Exploit Example

https://vulnerablesite.com/register.php?do=checkdate&url=http://attackersite.com

References:

NIST-NVD:
https://nvd.nist.gov/vuln/detail/CVE-2011-5251

vBulletin’s Advisory:
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/390283-potential-phishing-vector#post2166441

OWASP Unvalidated Redirects:
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html