===============================================================
 vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability
===============================================================

010101010101010101010101010101010101010101010101010101010
0                                                       0
1        Iranian Datacoders Security Team 2010          1
0                                                       0
010101010101010101010101010101010101010101010101010101010

# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
# Date: 29/08/2010
# Author: Immortal Boy
# Software Link: http://www.vbulletin.org
# Version: 3.8.4 & 3.8.5
# Google dork 1 : powered by vBulletin 3.8.4
# Google dork 2 : powered by vBulletin 3.8.5
# Platform / Tested on: Multiple
# Category: webapplications
# Code : N/A

#BUG :#########################################################################

1 > Go to http://[localhost]/path/register.php
2 > Assume that the forum admin user name is ADMIN
3 > Type this at User Name ===> ADMIN�
4 > � is an ASCII Code
5 > And complete the other parameters
6 > Then click on Complete Registration
7 > Now you see that your user name looks like the admin user name

After this, private messages sent to the user (ADMIN) are sent to you.

#Patch :#######################################################################

1 > Go to AdminCP
2 > Click on vBulletin Options and choose vBulletin Options
3 > Choose Censorship Options
4 > Type &# in the Censored Words section
5 > Then click on Save

#############################################################################
Our Website : http://www.datacoders.ir
Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute , hosinn , NIK , uones , mohammad_ir & all Iranian Datacoders members
#############################################################################
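
A defensive companion to the Patch section, added here as an example and not part of the original advisory or of vBulletin's code: an audit that flags user names which carry a numeric character reference (the `&#` the patch censors) or which read the same as an existing account once such references are decoded. The function names and the sample names are constructed, and it assumes user names are exported with the reference text intact.

```python
import re
import unicodedata

# Numeric character reference, e.g. "&#160;" or "&#xA0;" (the "&#" the Patch section censors).
NUMERIC_REF = re.compile(r"&#([0-9]+|[xX][0-9a-fA-F]+);?")

def decode_numeric_refs(name):
    """Replace each numeric reference with its character; drop invalid code points."""
    def repl(match):
        ref = match.group(1)
        code = int(ref[1:], 16) if ref[0] in "xX" else int(ref)
        if code > 0x10FFFF or 0xD800 <= code <= 0xDFFF:
            return ""
        return chr(code)
    return NUMERIC_REF.sub(repl, name)

def canonical(name):
    """Approximate what a reader sees: decode, fold compatibility forms and case,
    and drop control, format and whitespace characters (Unicode categories C* and Z*)."""
    text = unicodedata.normalize("NFKC", decode_numeric_refs(name))
    visible = "".join(ch for ch in text if unicodedata.category(ch)[0] not in "CZ")
    return visible.casefold()

def audit(existing, candidates):
    """Return (name, reason) for candidates that imitate an existing name
    or that carry a numeric character reference at all."""
    taken = {canonical(name): name for name in existing}
    findings = []
    for name in candidates:
        owner = taken.get(canonical(name))
        if owner is not None and name != owner:
            findings.append((name, "looks like " + owner))
        elif NUMERIC_REF.search(name):
            findings.append((name, "contains character reference"))
    return findings

# Constructed sample data, not taken from any real forum.
EXISTING = ["ADMIN", "moderator"]
CANDIDATES = ["ADMIN&#160;", "ADMIN&#8203;", "caf&#233;", "alice"]

if __name__ == "__main__":
    for name, reason in audit(EXISTING, CANDIDATES):
        print(f"{name!r}: {reason}")
```

The same `canonical()` comparison can be applied at registration time to reject a new name before it is stored, which covers lookalikes that a plain `&#` word filter would not see.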