PrOReBeLL
Paling Cool Di PCT
Jumlah posting : 140
Join date : 13.09.10
Lokasi : Pekanbaru
 |  Subyek: vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability Fri Oct 08, 2010 11:54 pm | |
| ya langsung aja… Dork : “Powered by vBulletin® Version 3.8.6″ contoh target kita [You must be registered and logged in to see this link.]langsung klik bagian FAQ => masukan keyword “Database” atau “database” lihat apa yang kluar [You must be registered and logged in to see this image.]ga semua bise seh… lihat bagian “/install/vbulletin-language.xml” <–ini penyebab site itu vuln jadi [You must be registered and logged in to see this link.]di bagian “database_ingo”
Database Name: {$vbulletin->config['Database']['dbname']}
Database Host: {$vbulletin->config['MasterServer']['servername']}
Database Port: {$vbulletin->config['MasterServer']['port']}
Database Username: {$vbulletin->config['MasterServer']['username']}
Database Password: {$vbulletin->config['MasterServer']['password']}
jadi jika di search dibagian FAQ nya maka akan mengeluarkan informasi yang bisa merusak site tsb… sumber : [You must be registered and logged in to see this link.] | |
|
mistervinblack
Neo Member
Jumlah posting : 3
Join date : 14.12.10
| | Subyek: Re: vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability Wed Dec 22, 2010 6:14 am | |
| kalo mau iseng2 liat lagi coba aja masuk ke mari untuk live demonya, bisik-bisik.us tapi jangan di poked yah  | |
|
