Jump to content
Sdicky

SQL Injection vBulletin 4

By Sdicky, in Tutoriale in engleza

Recommended Posts

Sdicky Newbie

Sdicky

Posted
Posted

Vreau sa spun de acuma.Nu este facut de mine acest tutorial.Eu doar cautam ceva pe google legat de vBulletin si am dat de asta din intamplare.Toate drepturile de autor catre: Azazel (Nu are cont aici.)

NU AM TESTAT NIMICA.NU STIU DACA FUNCTIONEAZA.

1.First get , Mozilla Firefox 3.6.17

2.Download the Live HTTP Headers addon for Mozilla Firefox.

3.Go to google and search this :

insite: Powered by vBulletin™ Version 4.1.2

4.Find a website that has forum version 4.0.0 to 4.1.2.

5.Now you need to be sure that groups are enabled for that website . Make sure it has groups or this will not work .

6. Now make an account on that forum .

7.Verify your account

8.Now go to the groups section and copy any of the group name .

9.Click on Advanced Search on the top.

10.Open the newly installed addon called LIVE HTTP headers. (Tools -> Liver HTTP Headers)

11. Now click on clear if the page is full.Make sure Capture is ticked or selected.

12.Now paste the group name in the "Keyword(s)" .

13.Make sure "Search Titles Only is selected .

14. Now click Search and make sure you are capturing on your live feed header.

15.So now you must get the group . If you have not , then you possibly did something wrong .Don't worry,try it again !

16.Now go to Live HTTP headers and scroll to the top.

17.Now you need to search for something like this : "type%5B%5D=7"It must be easily found and mostly is found underneath content length.

18.Select it so it is highlighted then click on replay.

19.Now a pop up box will appear with "process&searchthreadid=" at the end.

20.Now put any of these in the box according to your needs :

To see database:

&cat[0]=1) UNION SELECT database()#

To see tables:

&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#

To see information on the first user:

:&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

Now anyone can do the rest. It is tested and working

Hope you like my tutorial.

Thanks for reading.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...