vBulletin 3.8.4/3.8.5 – Registration Bypass - 体验盒子

作者： Immortal Boy
日期： 2010-08-29
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/14833/
===============================================================
vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability
===============================================================


 010101010101010101010101010101010101010101010101010101010 
 0 0
 1Iranian Datacoders Security Team 20101
 0 0
 010101010101010101010101010101010101010101010101010101010
 

# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
# Date: 29/08/2010
# Author: Immortal Boy 
# Software Link: http://www.vbulletin.org
# Version: 3.8.4 & 3.8.5
# Google dork 1 : powered by vBulletin 3.8.4
# Google dork 2 : powered by vBulletin 3.8.5
# Platform / Tested on: Multiple
# Category: webapplications
# Code : N/A
 
#BUG :#########################################################################
 
1 > Go to Http://[localhost]/path/register.php

2 > Assume that forum admin user name is ADMIN

3 > Type this at User Name ===> ADMIN&#00

4 > &#00 is an ASCII Code

5 > And complete the other parameters

6 > Then click on Complete Registrarion

7 > Now you see that your user name like admin user name
 
After this time the private messages to the user (ADMIN) to sending see for you is sending .


#Patch :#######################################################################

1 > Go to AdminCP

2 > Click on vBulletin Options and choose vBulletin Options

3 > Choose Censorship Options

4 > type &# in Censored Words section

5 > Then click on Save

#############################################################################

Our Website : http://www.datacoders.ir
 
Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute ,

hosinn , NIK , uones , mohammad_ir &all iranian datacoders members
 
#############################################################################