1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacking Vbulletin 3.8

Discussion in 'Ethical hacking' started by Yaewahmilan, Jul 12, 2009.

  1. Yaewahmilan

    Yaewahmilan New Member

    Joined:
    Jul 12, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    So, my buddy runs a server that is supported by Vbulletin 3.8.0 as of right now. He has a brute forcer trying for weeks now it seems which my buddy gloats that no one can get his username/password for admin abilities. Well, me being the good friend that I am want to prove him wrong. I'm not going to delete anything, I just want to log in take a screen shot email it to him showing that it is indeed possible.
    What is the best hackish way to go about retrieving this? The login-attempt after 5 passwords is enabled. Thanks!
     
  2. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
  3. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    In latest version, as if now, there are no publicly released vulnerabilities. However, there is one XSS vulnerability available in "my ads" plugin, where you can get the forum redirected to your own site. So you can redirect users to a phishing site.
     
  4. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    phising is by far the worst thign ever its gay as hell and u dont learn anything from it

    xss can kiss my *** there is not knowledge of having to learn about it all you do is just inject script commands into the url

    vbulletin i think has finally made it very secured due to all the **** tards releasing the exploits out to the public
     

Share This Page