Friday 24 February 2012

vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability

 
Software Link: http://www.vbulletin.org
Version: 3.8.4 & 3.8.5
Google dork 1 : powered by vBulletin 3.8.4
Google dork 2 : powered by vBulletin 3.8.5
Platform / Tested on: Multiple
Category: webapplications
BUG:
1. Go to http://[localhost]/path/register.php
2. Assume that the forum admin's user name is ADMIN
3. Type this in the User Name field ===> ADMIN&#00
4. &#00 is an ASCII code
5. Complete the other parameters
6. Then click on Complete Registration
7. Your user name now looks like the admin's user name. From this point on, private messages sent to the user (ADMIN) are sent to you.

Patch:
1. Go to AdminCP
2. Click on vBulletin Options and choose vBulletin Options
3. Choose Censorship Options
4. Type &# in the Censored Words section
5. Then click on Save
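
To review usernames that are already registered for the look-alike pattern described above, one option is an offline audit of an exported username list. This is an added example, not part of the original post or of vBulletin; the export as a list of strings, the function names and the sample names are assumptions.

```python
import re
from collections import defaultdict

# Numeric character reference, decimal or hex, with or without the closing ';'
NCR = re.compile(r"&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?")


def _decode(match):
    """Return the character a reference stands for, or '' if treated as invisible."""
    code = int(match.group(1), 16) if match.group(1) else int(match.group(2))
    # Assumption: NUL and other control codes display as nothing, which is
    # what makes the post's ADMIN&#00 look like ADMIN.
    if code < 0x20 or code == 0x7F or code > 0x10FFFF:
        return ""
    return chr(code)


def visible_form(name):
    """Approximate the displayed name: decode references, trim, ignore case."""
    return NCR.sub(_decode, name).strip().casefold()


def find_lookalikes(usernames):
    """Report names containing a reference that display like a plain name."""
    groups = defaultdict(list)
    for name in usernames:
        groups[visible_form(name)].append(name)
    findings = []
    for shown, members in groups.items():
        suspects = [n for n in members if NCR.search(n)]
        imitated = [n for n in members if not NCR.search(n)]
        if suspects and imitated:
            findings.append(
                {"displayed_as": shown, "suspects": suspects, "imitates": imitated}
            )
    return findings


# Constructed sample export (not real accounts)
SAMPLE = ["ADMIN", "ADMIN&#00", "alice", "bob&#0;", "Caf&#233;"]

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE):
        print(finding)
```

A name such as Caf&#233; is not reported on its own, because a reference is only flagged when the decoded name matches another account's plain name.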

This works only with vBulletin 3.8.4 and 3.8.5. If it doesn't work, that means someone else has already used the username you want; try another admin's username. If it still doesn't work, that means they have fixed this problem.
