Waraxe IT Security Portal

:: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools ::

June 9, 2026

Menu

Home

Logout

Discussions

	Forums
	Members List
	IRC chat

Tools

	Base64 coder
	MD5 hash
	CRC32 checksum
	ROT13 coder
	SHA-1 hash
	URL-decoder
	Sql Char Encoder

Affiliates

	y3dips ITsec
	Md5 Cracker
	User Manuals
	AlbumNow

Content

	Content
	Sections
	FAQ
	Top

Info

	Feedback
	Recommend Us
	Search
	Journal
	Your Account

User Info

Membership:

Latest: MichaelSnaRe

New Today: 0

New Yesterday: 0

Overall: 9144

People Online:

Visitors: 157

Members: 0

Total: 157

Full disclosure

SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products
[SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping
[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities
CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series
bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE
Re: Dovecot Security Advisory OXDC-2026-0002
SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues
[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak
[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure
[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard
[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
APPLE-SA-05-13-2026-1 Safari 26.5
APPLE-SA-05-11-2026-11 visionOS 26.5
APPLE-SA-05-11-2026-10 watchOS 26.5

IT Security and Insecurity Portal

www.waraxe.us Forum Index -> vBulletin Board -> Script to determine attachment directories
	View previous topic :: View next topic

Script to determine attachment directories

Posted: Thu Oct 14, 2010 4:08 am

d3a2d3e3

Beginner

Joined: Oct 14, 2010

Posts: 4

Found an article last night that talks about the vbseo 3.1.0 LFI vulnerability. Plenty of other articles about that. What was unique about this one was the script provided to actually determine the attachment directories. Since this may be useful to those of you who have already tricked a target forum into accepting a malicious upload and you just need to figure out where the attachment upload landed on the target's filesystem, I figured it was worth posting the link:

http://www.exploit-db.com/vbulletin-not-so-secure-anymore/

If this is a re-post / not allowed link / etc, I apologize in advance.

Script to determine attachment directories

www.waraxe.us Forum Index -> vBulletin Board

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

All times are GMT
Page 1 of 1

PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.029 Seconds