 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Upload shell in vb4 |
 |
 Posted: Sun May 16, 2010 7:37 pm |
 |
|
| delta |
| Advanced user |
 |
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
 |
|
 |
|
Already tried every known options. Using plugin, xml, etc, but none worked.
If I try uploading a xml style(old version) with shell i get this:
| Quote: | | The text for the template contains potentially unsafe code. Text in curly style php string substitution expressions (like {$vbulletin->somevalue}) is only allowed to contain the characters in a-z, A-Z, 0-9, square brackets ( [] ), and quotes ( "' ). This prevents possible arbitrary code execution when the phrase is processed. |
Anyone know how can i uplod a shell in this version of vbulletin?
I have all admin permissions. |
|
|
|
|
| Posted: Sun May 16, 2010 9:00 pm |
|
|
| vince213333 |
| Advanced user |
 |
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
|
|
|
|
| Posted: Sun May 16, 2010 9:07 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| Already tried before, but when I open ajax.php only get "There was an error uploading the file, please try again!" |
|
|
|
|
| Posted: Sun May 16, 2010 9:17 pm |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
That's what you should get  It's because you visit the page which executes the script but you didn't specify a file to upload. You might want to have a look at the code if you know something about PHP, it's actually quite easy to understand. But just follow the rest of the tutorial and you'll have your shell up in no time |
|
|
|
|
|
|
|
|
| Posted: Sun May 16, 2010 10:11 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
Yeah, I know, but already tried to upload the file before, always get a xml error.
| Quote: | O documento XML não está associado a estilos. A estrutura do documento é representada abaixo.
−
<error>
Sua solicitação não pode ser processada porque um marcador de segurança foi considerado inválido.<br />
<br />
Se isso ocorreu de repente, por favor <a href="sendmessage.php">informe o administrador</a> e descreva a ação que você executou antes de obter esta mensagem de erro.
</error> |
|
|
|
|
|
| Posted: Sun May 16, 2010 10:38 pm |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
When exactly did you get that error?  |
|
|
|
|
| Posted: Sun May 16, 2010 10:49 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| After the file being "uploaded" by ajax.php |
|
|
|
|
| Posted: Sun May 16, 2010 10:56 pm |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
| Hmm if you want, you can pm me the site url with the admin details and I can try and upload a shell for you? |
|
|
|
|
| Posted: Sun May 16, 2010 11:16 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| Sry, I cant, I'm sure that this method don't work for this forum, I need other way to upload the shell. |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 25
Members: 0
Total: 25
