Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Hacking Vbulletin 3.8 (http://www.go4expert.com/forums/hacking-vbulletin-38-t18491/)

Yaewahmilan 12Jul2009 12:07

Hacking Vbulletin 3.8
So, my buddy runs a server that is supported by Vbulletin 3.8.0 as of right now. He has a brute forcer trying for weeks now it seems which my buddy gloats that no one can get his username/password for admin abilities. Well, me being the good friend that I am want to prove him wrong. I'm not going to delete anything, I just want to log in take a screen shot email it to him showing that it is indeed possible.
What is the best hackish way to go about retrieving this? The login-attempt after 5 passwords is enabled. Thanks!

Hex00010 23Jul2009 01:57

Re: Hacking Vbulletin 3.8
i guesss u dont know how to do research?


indiansword 23Jul2009 02:24

Re: Hacking Vbulletin 3.8
In latest version, as if now, there are no publicly released vulnerabilities. However, there is one XSS vulnerability available in "my ads" plugin, where you can get the forum redirected to your own site. So you can redirect users to a phishing site.

Hex00010 23Jul2009 02:56

Re: Hacking Vbulletin 3.8
phising is by far the worst thign ever its gay as hell and u dont learn anything from it

xss can kiss my *** there is not knowledge of having to learn about it all you do is just inject script commands into the url

vbulletin i think has finally made it very secured due to all the **** tards releasing the exploits out to the public

All times are GMT +5.5. The time now is 22:49.