BLACK BURN HACKER. Powered by Blogger.

Real Money Instantly


Wednesday, February 1, 2012

SQL Injection On Vbulletin 4 [Group Exploit]

SQL Injection On Vbulletin 4 [Group Exploit]
Hey fellas,
Its been long time since i have posted a new tutorial . BUt like always , here is yet another quality tutorial
So most of us refer vbulletin as invulnerable . But , nothing is unvulnerable > So here is how to do it .

1.First get , Mozilla Firefox 3.6.17
2.Download the Live HTTP Headers addon for Mozilla Firefox.
3.Go to google and search this :
Quote:insite: Powered by vBulletin™ Version 4.1.2
4.Find a website that has forum version 4.0.0 to 4.1.2.
5.Now you need to be sure that groups are enabled for that website . Make sure it has groups or this will not work .
6. Now make an account on that forum .
7.Verify your account
8.Now go to the groups section and copy any of the group name .
9.Click on Advanced Search on the top.
10.Open the newly installed addon called LIVE HTTP headers. (Tools -> Liver HTTP Headers)
11. Now click on clear if the page is full.Make sure Capture is ticked or selected.
12.Now paste the group name in the "Keyword(s)" .
13.Make sure "Search Titles Only is selected .
14. Now click Search and make sure you are capturing on your live feed header.
15.So now you must get the group . If you have not , then you possibly did something wrong .Don't worry,try it again !
16.Now go to Live HTTP headers and scroll to the top.
17.Now you need to search for something like this : "type%5B%5D=7"It must be easily found and mostly is found underneath content length.
18.Select it so it is highlighted then click on replay.
19.Now a pop up box will appear with "process&searchthreadid=" at the end.
20.Now put any of these in the box according to your needs :

To see database:
Quote:&cat[0]=1) UNION SELECT database()#

To see tables:
Quote:&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
To see information on the first user:
Quote:&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

Now anyone can do the rest. It is tested and working
Hope you like my tutorial.
Thanks for reading.

©2011, copyright BLACK BURN


  1. The file(s) uploaded were too large to process.

  2. I really like your post.It's very informative and interesting. I really appreciate that.

    Mozilla Firefox Technical Support



7 Years Earning Experience

The Earning Source You Can Trust

Follow by Email