Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly (Version 5)


Flavours of Forums Forever
Sep 9, 2013
Of course, expect a holiday.

And a holiday indeed!

I learned several stories about Silicon Valley developers working 18 hours a day to reach deadlines and how some of them committed suicide due to the pressure. I'm not demanding even 1/10 of such dedication. Just common sense, why the F should I care about your holiday? People can say anything they like about vBulletin but I never read anything from them that amounts to "yeah, sorry for the delay in progress, some of our staff are on holiday".
They have a bigger team and can soak up that time. If you have a dev team of one and he goes on holiday, that's the entire team on holiday and therefore a problem, and telling you is therefore reasonable!


Jan 13, 2018
I see all the usual nonsense in this thread.
Unless you know how VB processes work then you have no basis to make comments like "they're still idiots and don't care about customers".

Anyone can claim they tried to make contact, I could open my window and shout out of it at vB support and claim "I tried to make contact".

Once an exploit has actually been reported, it requires time to investigate it, replicate it, decide how to fix it (without breaking anything else, or introducing more issues), then it has to be tested, it has to be backported to at least 3 previous versions, tested on them as well, and then all the work to actually package it up and release it.

Anyone who thinks this is a five minute job is utterly clueless.

(and no, I don't have any particular love for IB anymore, I just cannot abide people making uninformed, attacking, comments).
Sorry, I don't want to 'revive' this thread, but they really don't know how bug fixing works. Should learn more about bug bounty. They can learn from it on HackerOne.