exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Orestis Kourides

vBulletin Password Collector via nodeid SQL Injection

Posted Aug 31, 2024

Authored by sinn3r, juan vazquez, Orestis Kourides | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This Metasploit module can be used to extract the web applications usernames and hashes, which could be used to authenticate into the vBulletin admin control panel.

tags | exploit, web, sql injection

advisories | CVE-2013-3522

SHA-256 | 9953eec6fb67362ca052bf437373a2bec59f84c7bb8d3f92c3865a42e0402bf8

Download | Favorite | View

vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection

Posted Dec 10, 2013

Authored by juan vazquez, Orestis Kourides | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This Metasploit module uses the sqli to extract the web application's usernames and hashes. With the retrieved information tries to log into the admin control panel in order to deploy the PHP payload. This Metasploit module has been tested successfully on VBulletin Version 5.0.0 Beta 13 over an Ubuntu Linux distribution.

tags | exploit, web, php, sql injection

systems | linux, ubuntu

advisories | CVE-2013-3522, OSVDB-92031

SHA-256 | 9d8efb0cad2d070a8f7a77f67fe384b7478ccfb79465861ec1f1764abe23a5f1

Download | Favorite | View