# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
# Date: 29/08/2010
# Author: Immortal Boy
# Software Link: http://www.vbulletin.org
# Version: 3.8.4 & 3.8.5
# Google dork 1 : powered by vBulletin 3.8.4
# Google dork 2 : powered by vBulletin 3.8.5
# Platform / Tested on: Multiple
# Category: webapplications
# Code : N/A
# BUG : #########################################################################
1 > Go to Http://[localhost]/path/register.php
2 > Assume that forum admin user name is ADMIN
3 > Type this at User Name ===> ADMIN�
4 > � is an ASCII Code
5 > And complete the other parameters
6 > Then click on Complete Registrarion
7 > Now you see that your user name like admin user name
After this time the private messages to the user (ADMIN) to sending see for you is sending .
# Patch : #######################################################################
1 > Go to AdminCP
2 > Click on vBulletin Options and choose vBulletin Options
3 > Choose Censorship Options
4 > type &# in Censored Words section
5 > Then click on Save
#############################################################################
0 条评论。