What's The Recent Exploit For Vbulletin?

Full Version: What's The Recent Exploit For Vbulletin?

GovernmentSecurity.org > The Archives > General Network Security

Yosam

Jun 17 2004, 01:32 PM

I tried some but they didn't work,

How can i know which ver. the forum is running? (it doesn't say so in the main page).

Anyhow, i'll appreciate if someone can direct me to some king of exploit/poc/sql injection

which does work.

Thanks.

liquidSilver

Jun 17 2004, 01:39 PM

Powered by: vBulletin Version 2.3.0

- I've found a lot of forums with in the buttom - but, try see "Help!" page, maybe there is something..

Yosam

Jun 17 2004, 01:41 PM

Well, it requires user+pass in order to enter any page in this forum.

Anyhow, does anyone know any good exploit for this?

K1LL3RB0Y

Jun 17 2004, 02:28 PM

try the Woltlab Burning Board 2 v. 1-4
to find out how it works

it is also whit the register.php

Yorn

Jun 17 2004, 03:54 PM

The latest remote access vulnerability has been:
http://secunia.com/advisories/10557/

This, however, only affects versions below 2.3.4.

The latest XSS vulnerabilities are:
http://secunia.com/advisories/11142/

These only affect versions below 3.0.0 RC4.

Unless you already have an account on the forum, you will not be able to exploit the XSS vulnerabilities. XSS exploits only get you access to other accounts anyway.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: What's The Recent Exploit For Vbulletin? GovernmentSecurity.org > The Archives > General Network Security Yosam Jun 17 2004, 01:32 PM I tried some but they didn't work, How can i know which ver. the forum is running? (it doesn't say so in the main page). Anyhow, i'll appreciate if someone can direct me to some king of exploit/poc/sql injection which does work. Thanks. liquidSilver Jun 17 2004, 01:39 PM Powered by: vBulletin Version 2.3.0 - I've found a lot of forums with in the buttom - but, try see "Help!" page, maybe there is something.. Yosam Jun 17 2004, 01:41 PM Well, it requires user+pass in order to enter any page in this forum. Anyhow, does anyone know any good exploit for this? K1LL3RB0Y Jun 17 2004, 02:28 PM try the Woltlab Burning Board 2 v. 1-4 to find out how it works it is also whit the register.php Yorn Jun 17 2004, 03:54 PM The latest remote access vulnerability has been: http://secunia.com/advisories/10557/ This, however, only affects versions below 2.3.4. The latest XSS vulnerabilities are: http://secunia.com/advisories/11142/ These only affect versions below 3.0.0 RC4. Unless you already have an account on the forum, you will not be able to exploit the XSS vulnerabilities. XSS exploits only get you access to other accounts anyway. This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.