Ok so made lil video of me playing about with this little DD (Directory Disclosure) vuln in the DGT releases of vBulletin but it was too big to upload so here's some screenshots!
Boxheads Site!
[slide]http://www.imgcentre.com/img/uploads/big/5637a1331e.png[/slide]
Boxheads Files (http://belegit.org/validator.php)
[slide]http://www.imgcentre.com/img/uploads/big/0c81f0f865.png[/slide]
Database I've collected
Via this method I have also rooted 2 sites!
Things you should do!
1. Go phpBB
2. Remove the validator.php script!
3. Remove any other scripts that are not needed!
4. Rename ModCp and AdminCp to summat else
5. DO NOT STORE BACKUPS ON htdocs .... and especially with names like backup.sql
PLEASE CHECK IF YOU HAVE THIS FILE ON YOUR SERVER, IF SO DELETE ASAP!!!!
I had database from about 12 people who entered the chat the other day, but you all know your DBS are safe and I'm trusted but others ain't!
DELETE them asap!
Proof: http://belegit.org/validator.php - http://vbteam.info/validator.php
SAY THANKS IF THIS HELPED YOU
Shouts to warezdeamon for this as well lol
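An added example, not part of the original post: a small audit an admin could run against their own web root to find the items in the checklist above (a leftover validator.php, default admincp/modcp directory names, and database dumps or backup archives under htdocs). The suffix lists, function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Names taken from the post's checklist (items 2, 4, 5); suffix lists are assumptions.
LEFTOVER_SCRIPTS = {"validator.php"}
DEFAULT_PANEL_DIRS = {"admincp", "modcp"}
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".sql.bz2")
ARCHIVE_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".7z", ".bak")
BACKUP_WORDS = ("backup", "dump")

def audit_docroot(docroot):
    """Return sorted (finding, relative_path) pairs for risky items under docroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        def rel(name):
            full = os.path.join(dirpath, name)
            return os.path.relpath(full, docroot).replace(os.sep, "/")
        for d in dirnames:
            # Control panel directories still using their default names.
            if d.lower() in DEFAULT_PANEL_DIRS:
                findings.append(("default-panel-dir", rel(d)))
        for f in filenames:
            low = f.lower()
            if low in LEFTOVER_SCRIPTS:
                findings.append(("leftover-script", rel(f)))
            elif low.endswith(DUMP_SUFFIXES):
                findings.append(("database-dump", rel(f)))
            elif low.endswith(ARCHIVE_SUFFIXES) and any(w in low for w in BACKUP_WORDS):
                findings.append(("backup-archive", rel(f)))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed forum docroot in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="docroot_")
    for path in ("index.php", "validator.php", "backup.sql", "admincp/index.php",
                 "modcp/index.php", "includes/config.php",
                 "uploads/site_backup.tar.gz"):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    for kind, path in audit_docroot(build_sample_tree()):
        print(f"{kind:18} {path}")
```

Point `audit_docroot` at the real document root instead of the sample tree; anything it reports should be removed, renamed or moved outside the web-served directory.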
vBulletin & IPB Vulns!