Bug vBulletin - DBTech vBDonate SQLi 0day

Status
Not open for further replies.
John MacKinnon

John MacKinnon

New member
Not sure if you guys are aware of this vulnerability:

The vulnerability exists within - /dbtech/vbdonate/actions/dodonate.php

The vulnerability exists due to multi-escaping.

Code: 
Line 1: $dbt_vbd_donate_params = explode('|', $db->escape_string($vbulletin->GPC['amount']));Line 2: $dbt_vbd_donate_amount = $vbulletin->GPC['amount'];  Line 3: " . $db->escape_string($dbt_vbd_donate_amount) . ",


Exploit POC

http://site.com/vbdonate.php?do=dodonate
POST amount=5.00[SQL]

Example:
http://puu.sh/17C6f
 
This does not exist in v1.3.0 of the files.

However, it was an issue in v1.2.1, but has been fixed in v1.2.2 and v1.3.0 :)
 
Status
Not open for further replies.

Similar threads

Nirjonadda
  • Locked
  • Support ticket Support ticket
Bug Error on View My Contributions
Tags Tags
download dragonbyte tech error mods news php post thread upgrade url vbdonate vbecommerce vbulletin vbulletin mods view
Replies
3
Views
833
Ozzy47
Ozzy47
Ambro
  • Locked
  • Support ticket Support ticket
Bug Invalid SQL, Vbulletin 4.22 @ VbDonate V1.4.5
Tags Tags
4.2 bug database database error error footer issue manual number php server update url vbdonate vbulletin version
Replies
4
Views
1K
Mokonzi
Mokonzi
Fillip H.
Security Hotfix: vBDonate v1.2.2
Replies
0
Views
1K
Fillip H.
Fillip H.
Dylan
Security Hotfix: vBQuiz v1.2.5
Replies
0
Views
1K
Dylan
Dylan
J
  • Locked
  • Support ticket Support ticket
Bug Archive listing db error
Tags Tags
4.2 error forums issue manual number php profile server update url vbulletin version
Replies
2
Views
739
Mokonzi
Mokonzi

Legacy vBDonate

vBulletin 4.x.x
Seller
Mokonzi
Release date
Last update
Total downloads
877
Customer rating
0.00 star(s) 0 ratings
Back
Top