Home / os / win7

vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerabilit

Posted on 29 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>vBulletin 3.8.4 &amp; 3.8.5 Registration Bypass Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================================
vBulletin 3.8.4 &amp; 3.8.5 Registration Bypass Vulnerability
=========================================================

   010101010101010101010101010101010101010101010101010101010  
   0                                                       0
   1  Iranian Datacoders Security Team 2010                1
   0                                                       0
   010101010101010101010101010101010101010101010101010101010
  
 
# Exploit Title: vBulletin 3.8.4 &amp; 3.8.5 Around Registration Vulnerability
# Date: 29/08/2010                           
# Author: Immortal Boy                    
# Software Link: http://www.vbulletin.org
# Version: 3.8.4 &amp; 3.8.5
# Google dork 1 : powered by vBulletin 3.8.4
# Google dork 2 : powered by vBulletin 3.8.5
# Platform / Tested on: Multiple
# Category: webapplications
# Code : N/A
  
#  BUG :  #########################################################################
  
1 &gt; Go to Http://[localhost]/path/register.php
 
2 &gt; Assume that forum admin user name is ADMIN
 
3 &gt; Type this at User Name ===&gt; ADMIN&amp;#00
 
4 &gt; &amp;#00 is an ASCII Code
 
5 &gt; And complete the other parameters
 
6 &gt; Then click on Complete Registrarion
 
7 &gt; Now you see that your user name like admin user name
  
After this time the private messages to the user (ADMIN) to sending see for you is sending .
 
 
#  Patch :  #######################################################################
 
1 &gt; Go to AdminCP
 
2 &gt; Click on vBulletin Options and choose vBulletin Options
 
3 &gt; Choose Censorship Options
 
4 &gt; type &amp;# in Censored Words section
 
5 &gt; Then click on Save
 
#############################################################################
 
Our Website : http://www.datacoders.ir
  
Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute ,
 
hosinn , NIK , uones , mohammad_ir &amp;  all iranian datacoders members
  
#############################################################################


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-29]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :