Hacking Vbulletin 3.8

Yaewahmilan's Avatar, Join Date: Jul 2009
Newbie Member
So, my buddy runs a server that is supported by Vbulletin 3.8.0 as of right now. He has a brute forcer trying for weeks now it seems which my buddy gloats that no one can get his username/password for admin abilities. Well, me being the good friend that I am want to prove him wrong. I'm not going to delete anything, I just want to log in take a screen shot email it to him showing that it is indeed possible.
What is the best hackish way to go about retrieving this? The login-attempt after 5 passwords is enabled. Thanks!
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
i guesss u dont know how to do research?

indiansword's Avatar, Join Date: Oct 2008
Security Expert
In latest version, as if now, there are no publicly released vulnerabilities. However, there is one XSS vulnerability available in "my ads" plugin, where you can get the forum redirected to your own site. So you can redirect users to a phishing site.
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
phising is by far the worst thign ever its gay as hell and u dont learn anything from it

xss can kiss my *** there is not knowledge of having to learn about it all you do is just inject script commands into the url

vbulletin i think has finally made it very secured due to all the **** tards releasing the exploits out to the public