Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

2012-10-22T00:00:00
ID SECURITYVULNS:DOC:28671
Type securityvulns
Reporter Securityvulns
Modified 2012-10-22T00:00:00

Description

a bug in Vbulletin (blog_plugin_useradmin) v4.1.12 that allows to us to occur a Sql Injection on a Remote machin.

Exploit Title : Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

Author : IrIsT.Ir

Discovered By : Am!r

Home : http://IrIsT.Ir/forum

Software Link : http://www.Vbulletin.com/

Security Risk : High

Version : All Version

Tested on : GNU/Linux Ubuntu - Windows Server - win7

Dork : intext:"Powered By Vbulletin 4.1.12"

Expl0iTs :

http://target.com/includes/blog_plugin_useradmin.php?do=usercss&u=[Sql]

Greats : B3HZ4D - nimaarek - Net.W0lf - Dead.Zone - C0dex - SpooferNinja - TaK.FaNaR - Nafsh - BestC0d3r

0x0ptim0us - TaK.FaNaR - m3hdi - F@rid - Siamak.Black - H4x0r - dr.tofan - skote_vahshat -

d3c0d3r - Samim.S - Mr.Xpr & M.R.S.CO & Mr.Cicili & H-SK33PY & All Members In Www.IrIsT.Ir/forum

#######################