We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.
It has been identified this as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal . Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.
Generic example of the Phishing Attempt:
- User can post a fake thread inviting others to reset their passwords using the provided link
- User edits the link to append an incorrect “last location” to url therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
- For example: http://www.vbulletin.com/forum/login...www.google.com
- Instead of Google.com in this example the user would go to a fake site where they could potentially be tricked into submitting real information.
This vector was reported by:
Robert Gilbert
HALOCK Security Labs
http://blog.halock.com 
06-09-2011, 06:54 PM
Potential Phishing Vector 
Similar Threads 
Linear Mode
