vBulletin and MyBB Vulnerability

[kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>]

How I hijacked users, username and password with posting an image link
in vBulletin and MyBB

Vulnerability details:
I have posted an image link from my web site the image link that I
have posted is protected by basic authentication. I am authenticated
to the protected image folder that I am going to post which means I
can post the link and it will load from forum to me because I am
Authenticated to the protected file but others not. This is the point,
when a vBulletin based forum  trying to load my posted image to users
who trying to read my post a logging massage box going to prompt and
requiring them for logging again with their username and password and
when they fill up prompted massage box with their username and
password I was able to hijack their username and password.

check out attached image

cheers
coolkaveh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/