Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28671
HistoryOct 22, 2012 - 12:00 a.m.

Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

2012-10-2200:00:00
vulners.com
157

a bug in Vbulletin (blog_plugin_useradmin) v4.1.12 that allows to us to occur a Sql Injection
on a Remote machin.

#####################################

Exploit Title : Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

Author : IrIsT.Ir

Discovered By : Am!r

Home : http://IrIsT.Ir/forum

Software Link : http://www.Vbulletin.com/

Security Risk : High

Version : All Version

Tested on : GNU/Linux Ubuntu - Windows Server - win7

Dork : intext:"Powered By Vbulletin 4.1.12"

#####################################

Expl0iTs :

http://target.com/includes/blog_plugin_useradmin.php?do=usercss&u=[Sql]

#####################################

Greats : B3HZ4D - nimaarek - Net.W0lf - Dead.Zone - C0dex - SpooferNinja - TaK.FaNaR - Nafsh - BestC0d3r

0x0ptim0us - TaK.FaNaR - m3hdi - F@rid - Siamak.Black - H4x0r - dr.tofan - skote_vahshat -

d3c0d3r - Samim.S - Mr.Xpr & M.R.S.CO & Mr.Cicili & H-SK33PY & All Members In Www.IrIsT.Ir/forum

#############################