HackThatForum [MyBB/vBulletin/IPB]

Posted on Monday, 18 July 2011
by Saadi




In this thread I will gather some of the exploits for forum software.

Hope you like it.


MyBB

MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit

MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit [2]

MyBulletinBoard (MyBB) <= 1.03 Multiple SQL Injection Exploit

MyBulletinBoard (MyBB) <= 1.03 (misc.php COMMA) SQL Injection

MyBulletinBoard (MyBB) <= 1.04 (misc.php COMMA) SQL Injection (2)

MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit

MyBulletinBoard (MyBB) <= 1.1.3 (usercp.php) Create Admin Exploit

MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit

MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit

MyBulletinBoard (MyBB) <= 1.2.2 (CLIENT-IP) SQL Injection Exploit

MyBulletinBoard (MyBB) <= 1.2.5 calendar.php Blind SQL Injection Exploit

MyBulletinBoard (MyBB) <= 1.2.10 Remote Code Execution Exploit

MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit

MyBB Plugin Custom Pages 1.0 Remote SQL Injection Vulnerability

MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit (2)

MyBB <= 1.4.6 Remote Code Execution Exploit

MyBB v1.6 Full Path Disclosure Vulnerability

vBulletin

Version based:


vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

vBulletin 3.8.x - EggAvatar 2.3.2 Local File Read

vBulletin 3.8.x - EggAvatar SQL Injection Vulnerability

vBulletin 3.6.8 and 3.7.x - cChatBox SQL Injection Vulnerability

vBulletin 4.0.8 PL1 XSS Filter Bypass within Profile Customization

vBulletin 4.0.8 - Persistent XSS via Profile Customization

vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability

vBulletin® 3.8.6 faq.php Information Disclosure Vulnerability

vBulletin DOS - all version

Vbulletin 4.0.2 Blog - Title XSS Vulnerability

vBulletin v 2.3 .* SQL Injection Vulnerability

vBulletin 3.0.0 XSS Vulnerability

vBulletin v3.5.2 XSS Vulnerabilities

vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit

vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit

vBulletin <= 3.0.8 Accessible Database Backup Searcher (update 3)

vBulletin <= 3.0.6 (Template) Command Execution Exploit (metasploit)

vBulletin <= 3.0.6 php Code Injection

vBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2)

vBulletin <= 3.0.4 "forumdisplay.php" Code Execution




Non-Version based:

Point Market System 3.1x vbulletin plugin SQLi Vulnerability

vBulletin misc.php Template Name Arbitrary Code Execution

vBulletin "Cyb - Advanced Forum Statistics" DOS

vBulletin Denial of Service Vulnerability

vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability

vBulletin Radio and TV Player Add-On HTML Injection Vulnerability

vBulletin vbBux/vbPlaza <= 2.x (vbplaza.php) Blind SQL Injection Vuln

vBulletin - Secure Downloads v2.0.0r SQL Injection Vulnerability

vBulletin Mod RPG Inferno 2.4 (inferno.php) SQL Injection Vulnerability

vBulletin vBGSiteMap 2.41 (root) Remote File Inclusion Vulnerabilities

vBulletin ImpEx <= 1.74 Remote Command Execution Exploit

ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit

vBulletin LAST.PHP SQL Injection Vulnerability



IP.Board [IPB]


IPB 3.0.1 sql injection exploit

IPB (nv2) Awards > 1.1.0 SQL Injection PoC

D2-Shoutbox 4.2 IPB Mod (load) Remote SQL Injection Exploit

ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit



Enjoy.