-reb0rn

VBulletin Forum Backup Exploit [Hack Forum Database And Deface]

Posted

Enjoy The Exploit Guys !

NOTE : I'm not the author of this exploit .. I'm just sharing with ABH users

# Exploit Title: Vbulletin Forum Backup Exploit

# Google Dork: allinurl:forumbackup

allinurl:forumbackup.sql

# Date: 14/9/2012

# Exploit Author: BeNji

# Vendor Homepage: Hacking & Web Security Forum - BiT'S HACK

Software Link: Home page

# Version: All Versions

# Tested on: http://www.eyehorn.com

# CVE : [if one exists, or other VDB reference]

This is a simple vbulletin forum exploit !

With the help of this vulnerability you can hack database of vbulletin forums

Here is the instruction for exploit :

1- Go to google.com and search for this dork

DoRKS :

allinurl:forumbackup

allinurl:forumbackup.sql

2- Find the vulnerable links, which look like :

/wppublic/forumbackup/

/forum/Forumbackup/

/forums/Forumbackup/

/main/Forumbackup/

3 - Here Is the example URL for your demo : http://www.eyehorn.com/wppublic/forumbac...les%29.sql

4 - Open The Database And Check for 1st User Name and Pas

5 - Get The user name and crack the hash ! That's All

Now go to the forum and login with Admin user name and password and deface the forum !

Credits :

BitsHacking Team

Posted (edited)

This is not an exploit; it is human stupidity to leave a .sql file accessible on the web.

<Files ~ "^(.*)\.(inc|sql|class)$">
Order deny,allow
Deny from all
</Files>

And you get rid of 90% of the site "makers" who forget that the .class and .inc extensions are not processed as PHP, and that .sql files are not kept accessible on the web.

Now to go the forum and login with Admin user name and password and deface the forum !

Credits :

BitsHacking Team

A good example from some retards who think they are hackers, yet do not even know what that means. (Regarding the deface.)

Edited by aelius
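
Added example, not part of the thread or of aelius's post: a Python audit that walks a document root and separates files the `<Files ~ ...>` rule above denies from look-alikes it does not match (upper-case extensions, compressed or renamed dumps). The wrapper-suffix list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Regex copied from the <Files ~ "..."> block in the post above (case-sensitive).
POST_RULE = re.compile(r"^(.*)\.(inc|sql|class)$")
# Assumption, not from the thread: suffixes often appended to dumps and includes.
WRAPPED = re.compile(r"\.(inc|sql|class)\.(gz|bz2|zip|bak|old|txt)$", re.IGNORECASE)


def audit_docroot(docroot):
    """Return (covered, missed): files the rule denies, and look-alikes it does not."""
    covered, missed = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            if POST_RULE.match(name):
                covered.append(rel)
            elif POST_RULE.match(name.lower()) or WRAPPED.search(name):
                # Upper-case extension or wrapped dump: the rule does not match it.
                missed.append(rel)
    return sorted(covered), sorted(missed)


def build_sample_tree():
    """Create a constructed document root in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in (
        "forum/index.php",
        "forum/includes/config.inc",
        "forum/forumbackup/forum.sql",
        "forum/forumbackup/forum.sql.gz",
        "forum/forumbackup/DUMP.SQL",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("-- constructed placeholder\n")
    return root


if __name__ == "__main__":
    covered, missed = audit_docroot(build_sample_tree())
    print("denied by the rule:", covered)
    print("not matched, move out of the web root:", missed)
```

Anything reported in either list is better stored outside the document root; the deny rule is a backstop, not a substitute.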
