-reb0rn Posted September 14, 2012 Report Posted September 14, 2012 Enjoy The Exploit Guys !NOTE : I m not the author of this exploit .. I m just sharing with ABH users# Exploit Title: Vbulletin Forum Backup Exploit# Google Dork: allinurl:forumbackupallinurl:forumbackup.sql# Date: 14/9/2012# Exploit Author: BeNji# Vendor Homepage: Hacking & Web Security Forum - BiT'S HACKSoftware Link: Home page# Version: All Versions# Tested on: http://www.eyehorn.com# CVE : [if one exists, or other VDB reference]This is a simple vbulletin forum exploit !With the help of this vulnerability you can hack database of vbulletin forumsHere is the instruction for exploit :1- Go the google.com and search for this dorkDoRKS :allinurl:forumbackupallinurl:forumbackup.sql2- Find the vulnerability links which looks like :/wppublic/forumbackup//forum/Forumbackup//forums/Forumbackup//main/Forumbackup/3 - Here Is the example URL for your demo : http://www.eyehorn.com/wppublic/forumbac...les%29.sql4 - Open The Database And Check for 1st User Name and Pas5 - Get The user name and crack the hash ! Thats AllNow to go the forum and login with Admin user name and password and deface the forum !Credits :BitsHacking Team Quote
AlStar Posted September 14, 2012 Report Posted September 14, 2012 Nemessis se lauda acu vreo 2 ani, ca poa' sa faca public hashu' la parola, si tot nu-i problema? Quote
aelius Posted September 14, 2012 Report Posted September 14, 2012 (edited) Asta nu e exploit, e prostie umana sa lasi .sql accesibil pe web.<Files ~ "^(.*)\.(inc|sql|class)$"> Order deny,allow Deny from all</Files>Si scapati de 90% din "facatorii" de site-uri care uita ca extensiile .class si .inc nu sunt procesate ca php, iar fisierele .sql nu se tin accesibile pe webNow to go the forum and login with Admin user name and password and deface the forum !Credits :BitsHacking TeamUn exemplu bun din partea unor retardati ce se cred hackeri, in schimb nici nu stiu ce inseamna asta. (apropo de deface). Edited September 14, 2012 by aelius Quote
pelican1789 Posted September 15, 2012 Report Posted September 15, 2012 Is it working? I tried a lot Quote