Tuesday, 30 December 2014

vBulletin 4.x.x and 5.x.x Upgrade 0day Exploit (LEAK)

So, Haxors waiting is finally come to an end. Here is vBulletin 4.x.x and 5.x.x 0Day exploit.
Now it is public, So use it…
1) At First Download the script from given below links

after that upload the script  on a web directory with the name of index.php
2) Then find a vBulletin 4 or 5 target
(Google dork : inurl:/vb/install/upgrade.php )
3) Make sure it has a “/install/finalupgrage.php” or “/install/upgrade.php” or “/install/update.php” file in it
4) Go to site.com/install/upgrade.php and right click the page and see source code. Find var CUSTNUMBER =
 Once found , copy it…
5) Then open that directory (Exploit) in new tab
6) After that paste that CUSTNUMBER into the Customer I.D box {It will be something like var CUSTNUMBER = “014d56f11dde4b46e39e7ae7978a954d“; which is the md5 of the customer’s number(used to access vBulletin.com members area), a 12-character uppercase string }

Fill in the other box’s such as site URL, Username, Password and Email.
7) Once done, click Inject Admin and let the page load.
8) Thats all, now go to the forum and login with the login deBlockedls which you injected the site with.
=>> Now u cracked (Have fun doing that Big Grin ) and you can re-install the forum and access the administrators area Wink.

Greets: Thanks To that person who leak this Exploit and give it to me and also a very special thanks to Madleets

PS: Respect to real Creator of this Exploit (Y)