I hereby claim:
- I am jamesbercegay on github.
- I am jamesbercegay (https://keybase.io/jamesbercegay) on keybase.
- I have a public key whose fingerprint is 9381 9C75 7B6D E796 8353 C5C3 59C6 B843 B6A4 CB06
To claim this, I am signing this object:
James Bercegay jamesbercegay
jamesbercegay
/ keybase.md
Created
June 20, 2016 16:16
I hereby claim:
- I am jamesbercegay on github.
- I am jamesbercegay (https://keybase.io/jamesbercegay) on keybase.
- I have a public key whose fingerprint is C04B 7100 AA1C 2C06 9C6B 269D 588C 150E ADFB 3F10
To claim this, I am signing this object:
jamesbercegay
/ 2019_vbulletin_0day_info.txt
Last active
November 29, 2022 17:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates. | |
| As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php | |
| $serverData = array_merge($_GET, $_POST); | |
| if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler'])) | |
| { | |
| $app = $this->application['handler']; |