vBulletin x.x.x Customer Area 0day
https://topbloggingsofts.blogspot.com/2013/09/vbulletin-xxx-customer-area-0day.html
Hello Guys
Since the eXploit was shared on other forums, I decided to post it to the public.
This Exploit Madleets Team Used To Stamp Many Big Forums
http://www.madleets.com/Thread-DirectAdm...ed-By-1337
Any ways, 1st find a vBulletin 4 or 5 target
2) Make sure it has a /install/upgrade.php file in it
3) Go to site.com/install/upgrade.php and right click the page and see source code.
Find var CUSTNUMBER =
4) Once found , copy it
5) Then open http://pastebin.com/ZTEC6tgr
save as .php and upload to any host
6) After that paste that CUSTNUMBER into the Customer I.D box (It will be something like 9c4818514a74338f980793e7426b2fb1)7) Fill in the other box's such as site URL, Username, Password and Email.
8) Once done, click Inject Admin and let the page load
9) Thats all, now go to the forum and login with the login details which you injected the site with.
Have fun
How to patch the bug ? Remove the install dir
Regards
Thanks To Madleets.com Team Where I Got This Exploit
xxxxxxxxxxxxxxxx
ReplyDelete