PrOReBeLL Paling Cool Di PCT
Jumlah posting : 140 Join date : 13.09.10 Lokasi : Pekanbaru
| Subyek: vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability Fri Oct 08, 2010 11:54 pm | |
| ya langsung aja… Dork : “Powered by vBulletin® Version 3.8.6″ contoh target kita [You must be registered and logged in to see this link.]langsung klik bagian FAQ => masukan keyword “Database” atau “database” lihat apa yang kluar [You must be registered and logged in to see this image.]ga semua bise seh… lihat bagian “/install/vbulletin-language.xml” <–ini penyebab site itu vuln jadi [You must be registered and logged in to see this link.]di bagian “database_ingo” Database Name: {$vbulletin->config['Database']['dbname']}
Database Host: {$vbulletin->config['MasterServer']['servername']}
Database Port: {$vbulletin->config['MasterServer']['port']}
Database Username: {$vbulletin->config['MasterServer']['username']}
Database Password: {$vbulletin->config['MasterServer']['password']}
jadi jika di search dibagian FAQ nya maka akan mengeluarkan informasi yang bisa merusak site tsb… sumber : [You must be registered and logged in to see this link.] | |
|
mistervinblack Neo Member
Jumlah posting : 3 Join date : 14.12.10
| Subyek: Re: vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability Wed Dec 22, 2010 6:14 am | |
| kalo mau iseng2 liat lagi coba aja masuk ke mari untuk live demonya, bisik-bisik.us tapi jangan di poked yah | |
|