 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 37
 Members: 0
 Total: 37
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
vBulletin SQL Injection to Get Hash and Salt |
|
 Posted: Tue Jun 03, 2008 6:13 am |
 |
|
| Warlord |
| Beginner |
 |
|
| Joined: Jun 03, 2008 |
| Posts: 3 |
|
|
|
 |
|
 |
|
Hello, I am trying to find out how a attacker gets the hash out of vBulletin when they inject into a vBulletin database...(i.e. www.sitename.com/forums/install/finalupgrade.php) or something like that. I have been told that if you do this and right click and view the source it will show you the md5 hash, user name, & salt and so far I have yet to figure this out. I have also been told that I may have to user other commands to get it to spit out the required hash that I need to gain the info in needt to crackt he password.
I run a site and I want to learn how they keep attacking me, I want to learn for my self and it is hard to get the required info. I am running 3.7.1, but want to learn that one as well as the older versions of vBulletin. Please any info you have will be great appreated. |
|
|
|
|
|
|
|
|
| Posted: Tue Jun 03, 2008 10:14 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
This is not sql inj,this is old bug in finalupgrade.php.Example:
victim.com/vbulletin_path/install/finalupgrade.php?step=/%20db*/%20backup*/%20
if install folder is visible you can make a backup of entire database or may choose specific table and download it.If ypu don't want to hack your forum just delete directory "install" or rename it "(ijs&^5sksjdu" |
|
|
|
|
| Posted: Tue Jun 03, 2008 10:31 pm |
|
|
| Warlord |
| Beginner |
|
|
| Joined: Jun 03, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| So how would I get that to give me the user table? Please forgive me for asking to be spoon feed, I have been trying to learn this mess for a long time. Any help will be great. |
|
|
|
|
| Posted: Wed Jun 04, 2008 1:08 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Like he said, it's an old bug and so has been fixed. Only very old versions of vbulletin have this bug. Since you are 3.7.1 this bug does not exist at all!
i think it was fixed in 3.0 or somewehre around there. |
|
|
|
|
| Posted: Wed Jun 04, 2008 1:10 am |
|
|
| Warlord |
| Beginner |
|
|
| Joined: Jun 03, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| Is there anyway to get the user table out of vBulletin anymore? There has to be some way of doing it. |
|
|
|
|
| Posted: Sun Aug 17, 2008 5:23 pm |
|
|
| 3rraz |
| Beginner |
|
|
| Joined: Aug 17, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| Warlord wrote: | | Is there anyway to get the user table out of vBulletin anymore? There has to be some way of doing it. |
Theres isnt one..
Go through the code yourself. It is possible if the target has an home made "portal" with bad coding, then u could grab the vBulletin db. And all other dbs for that matter. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
