VBulletin Forum Backup Exploit [Hack Forum Database And Deface]

[-reb0rn]

Enjoy The Exploit Guys !

NOTE : I m not the author of this exploit .. I m just sharing with ABH users

# Exploit Title: Vbulletin Forum Backup Exploit

# Google Dork: allinurl:forumbackup

allinurl:forumbackup.sql

# Date: 14/9/2012

# Exploit Author: BeNji

# Vendor Homepage: Hacking & Web Security Forum - BiT'S HACK

Software Link: Home page

# Version: All Versions

# Tested on: http://www.eyehorn.com

# CVE : [if one exists, or other VDB reference]

This is a simple vbulletin forum exploit !

With the help of this vulnerability you can hack database of vbulletin forums

Here is the instruction for exploit :

1- Go the google.com and search for this dork

DoRKS :

allinurl:forumbackup

allinurl:forumbackup.sql

2- Find the vulnerability links which looks like :

/wppublic/forumbackup/

/forum/Forumbackup/

/forums/Forumbackup/

/main/Forumbackup/

3 - Here Is the example URL for your demo : http://www.eyehorn.com/wppublic/forumbac...les%29.sql

4 - Open The Database And Check for 1st User Name and Pas

5 - Get The user name and crack the hash ! Thats All

Now to go the forum and login with Admin user name and password and deface the forum !

Credits :

BitsHacking Team

[kNigHt]

Bullshit.

[AlStar]

Nemessis se lauda acu vreo 2 ani, ca poa' sa faca public hashu' la parola, si tot nu-i problema?

[aelius]

Asta nu e exploit, e prostie umana sa lasi .sql accesibil pe web.

<Files ~ "^(.*)\.(inc|sql|class)$">
  Order deny,allow
  Deny from all
</Files>

Si scapati de 90% din "facatorii" de site-uri care uita ca extensiile .class si .inc nu sunt procesate ca php, iar fisierele .sql nu se tin accesibile pe web

Now to go the forum and login with Admin user name and password and deface the forum !

Credits :

BitsHacking Team

Un exemplu bun din partea unor retardati ce se cred hackeri, in schimb nici nu stiu ce inseamna asta. (apropo de deface).

Edited September 14, 2012 by aelius

[pelican1789]

Is it working? I tried a lot