When teaching Security Essentials (sec401) we often talk about one of the more useful hacking tools in everyone's arsenal, a browser. Wielding a browser in the right manner can expose all kinds of interesting information as is the case with vBulletin version 3.8.6. vBulletin, used to power online discussion sites has a serious flaw in vB 3.8.6. Browsing to the FAQ page on a vulnerable site and searching for the correct term will disclose the database credentials which can then be used to further compromise the site (http://www.securityfocus.com/archive/1/512575). It shows that vulnerabilities do not need to be complex. It also shows ...