Saturday, August 6, 2011
===============================================================
vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability |
=============================================================== |
010101010101010101010101010101010101010101010101010101010 |
1 Iranian Datacoders Security Team 2010 1 |
010101010101010101010101010101010101010101010101010101010 |
# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability |
# Software Link: http://www.vbulletin.org |
# Google dork 1 : powered by vBulletin 3.8.4 |
# Google dork 2 : powered by vBulletin 3.8.5 |
# Platform / Tested on: Multiple |
# Category: webapplications |
# BUG : ######################################################################### |
1 > Go to Http://[localhost]/path/register.php |
2 > Assume that forum admin user name is ADMIN |
3 > Type this at User Name ===> ADMIN� |
4 > � is an ASCII Code |
5 > And complete the other parameters |
6 > Then click on Complete Registrarion |
7 > Now you see that your user name like admin user name |
After this time the private messages to the user (ADMIN) to sending see for you is sending . |
# Patch : ####################################################################### |
2 > Click on vBulletin Options and choose vBulletin Options |
3 > Choose Censorship Options |
4 > type &# in Censored Words section |
############################################################################# |
Our Website : http://www.datacoders.ir |
Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute , |
hosinn , NIK , uones , mohammad_ir & all iranian datacoders members |
#############################################################################
- Copyright ©
.Hacking Cracking Tricks And Tutorials, Paid Scripts, Latest Exploits, 0Day Vulnerability, - Skyblue - Powered by Blogger - Designed by Johanes Djogan -
