17 thg 8, 2013

How To Hack vBulletin 4.1.10 Admin Control Panel

vBulletin 4.1.10 Vulnerability description:
When a new name and password is entered in a form and the form is submitted, the browser

asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

.This vulnerability affects /admincp
.The impact of this vulnerability
.Possible sensitive information disclosure


Now I Will Tell You How To Hack Admin Cp
Mã:
vb_login_password
from form named loginform with
Mã:
action ../login.php?do=login
has autocomplete enabled.

IN That Way You Could Do Sql Injection

Other Vulnerabilty Found Also


The HTML comments of this page contain configuration information for Microsoft Frontpage Server Extensions. The configuration information includes the Frontpage version and may help an attacker to learn more about his target.
This vulnerability affects
Mã:
/_vti_inf.html.
To Attack It
example.com/admincp/_vti_inf.html
Or Use That Way
Mã:
example.com/_vti_inf.html

Không có nhận xét nào:

Đăng nhận xét