Friday, April 25, 2014
HellBound Hackers | Computer General | Web hacking

Author

vBulletin Version 3.7.0 exploits


Posted on 26-08-08 00:35
Anyone know any? I tried the faq.php injection one, and it didn't work, and XSS doesn't seem to work.

Any ideas?
Author

RE: vBulletin Version 3.7.0 exploits


Posted on 26-08-08 00:41
Huh?? Not sure if you're calling me a script kiddie?
Author

RE: vBulletin Version 3.7.0 exploits


Posted on 26-08-08 01:10
EMOKID wrote:
Anyone know any? I tried the faq.php injection one, and it didn't work, and XSS doesn't seem to work.

Any ideas?


Get your nose out of someone else's hard-working ass and think for yourself?


Author

RE: vBulletin Version 3.7.0 exploits


Posted on 26-08-08 01:19
moshbat wrote:
Hey, leave the guy be. I've given him enough shit before to last him a few years.

Haven't I?


I don't know... I wasn't here, remember? Pfft


Author

RE: vBulletin Version 3.7.0 exploits


Posted on 26-08-08 02:39
I'm not asking for someone to go and test it for exploits etc. Just want to know if anyone knows any or has any ideas of ones I should try, and what's wrong with asking for help??
Author

RE: vBulletin Version 3.7.0 exploits


Posted on 26-08-08 02:56
EMOKID wrote:
I'm not asking for someone to go and test it for exploits etc. Just want to know if anyone knows any or has any ideas of ones I should try, and what's wrong with asking for help??


Nothing is wrong with asking for help... but, you asked a very open-ended question. Boiled down, it looks like this:

"How can I hack vBulletin version 3.7?"

Asking if anyone has any ideas for what you could try is like asking how many different attack vectors there are for a web application.

A good place to start, when starting out, is to scope all of the available inputs for a site. Then, classify them based upon what you perceive to be the most open-ended; inputs that seem to allow more freedom of content (such as allowing BBCode or limited HTML) should be the first ones you test. Also, GET variables should go at the top of the list. Then, aim for inputs that seem less likely to be sanitized because of static content or limitations (such as text fields that have a size limit set or select fields that have a limited number of options). Attempt various injection techniques upon the fields according to the perceived type; SQL and blind SQL injections for all inputs that are likely to end up in a query, HTML injections for inputs that are likely to be displayed on the page in some fashion, etc. Try invalid or broken data in inputs in an attempt to expose helpful error messages that might give you insight as to the database structure or expected values (i.e., applied functions to inputs on the server-side).

Basically, apply the concepts that you will learn of on this site (and hopefully read more about in articles here or elsewhere) in a methodical and organized fashion. Take the attempt seriously, and you will reap rewards whether you compromise the web app or not.
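
The input scoping described in the post above, written as an inventory an application owner can run over their own pages to decide where server-side validation gets reviewed first. This is an added example, not part of the thread; the sample form, field names and priority numbers are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample markup (not taken from vBulletin or any real site).
SAMPLE_HTML = """
<form action="/search" method="get"><input type="text" name="query"></form>
<form action="/reply" method="post">
  <textarea name="message"></textarea>
  <input type="text" name="title" maxlength="85">
  <select name="iconid"><option value="1">a</option></select>
  <input type="hidden" name="threadid" value="42">
  <input type="submit" value="Post">
</form>
"""

class InputInventory(HTMLParser):
    """Collect named form fields as (priority, name, note); lower = review first."""
    def __init__(self):
        super().__init__()
        self.method = "get"   # HTML default when a form omits method
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.method = (a.get("method") or "get").lower()
            return
        name = a.get("name")
        if tag not in ("input", "textarea", "select") or not name:
            return
        kind = (a.get("type") or "text").lower() if tag == "input" else tag
        if kind in ("submit", "button", "reset", "image"):
            return
        if kind == "textarea":
            prio, note = 1, "free-form content: validate and output-encode"
        elif kind in ("select", "hidden", "radio", "checkbox") or "maxlength" in a:
            prio, note = 3, "limit is client-side only: re-validate on server"
        else:
            prio, note = 2, "typed text: validate and parameterize queries"
        if self.method == "get":
            prio -= 1  # URL-borne values move up the list, as the post suggests
        self.fields.append((prio, name, note))

def inventory(html):
    """Return the review list for one page, most exposed inputs first."""
    p = InputInventory()
    p.feed(html)
    p.close()
    return sorted(p.fields)
```

Fields with priority 3 are the ones whose size limit or option list exists only in the browser, so the server must enforce the same constraint itself.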


Author

RE: vBulletin Version 3.7.0 exploits

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 26-08-08 07:51
My advice: Listen to Zephyr_Pure :happy: he's totally right.


Nope http://uber0n.webs.com/