[-reb0rn_mybb_import7828]

Enjoy The Exploit Guys !

NOTE : I m not the author of this exploit .. I m just sharing with ABH users

# Exploit Title: Vbulletin Forum Backup Exploit
# Google Dork: allinurl:forumbackup
allinurl:forumbackup.sql
# Date: 14/9/2012
# Exploit Author: BeNji
# Vendor Homepage: http://www.BitsHacking.com
Software Link: http://www.vbulletin.com
# Version: All Versions
# Tested on: http://www.eyehorn.com
# CVE : [if one exists, or other VDB reference]

This is a simple vbulletin forum exploit !

With the help of this vulnerability you can hack database of vbulletin forums

Here is the instruction for exploit :

1- Go the google.com and search for this dork

DoRKS :

allinurl:forumbackup
allinurl:forumbackup.sql

2- Find the vulnerability links which looks like :

/wppublic/forumbackup/

/forum/Forumbackup/

/forums/Forumbackup/

/main/Forumbackup/

3 - Here Is the example URL for your demo : http://www.eyehorn.com/wppublic/forumbac...les%29.sql

4 - Open The Database And Check for 1st User Name and Pas

5 - Get The user name and crack the hash ! Thats All

Now to go the forum and login with Admin user name and password and deface the forum !

Credits :
BitsHacking Team

[premium_gfx]

wow noce...thanks for shareing with us

[LEGITimacy™]

Once these 0days get released either one, everyone on the planet has owned all the servers vulnerable to it on the first day or the finder of the 0day already took all the work into his own hands and exploited as many servers as he could before releasing it.

[Synchro]

You can still find some vulnerable sites with this.