Sunday, October 20, 2013

|| VBulletin upgrade.php Scanner and Admin Injector ||

You must have heard about the VB upgrade bug, which has been in wild for the past few days. Some opportunists defaced some popular forums using this same bug. Many sites have been patched but still there's plenty of fish in the sea, if you use the right dorks.

Well, I have coded a hunter (PHP tool/script) for that bug. This scripts takes a Google dork from the user and searches for vulnerable VBulletin forums on google and gives you an option to inject an administrator account there.

Main features:
x. Search Google results up to 50 pages.
x. Check each directory (for forums using weird URLs using VBSEO, etc)
x. Targets nulled VB scripts (irrelevant to this bug)
x. Show Alexa rank of vulnerable websites.
x. Single-click administrator account injector.
x. Save vulnerable sites along with alexa rank as 0wn3dLogs.txt
And more...

Here is the screenshot of this PHP tool in action:
I recommend it to use on localhost (Xampp, etc) using proxy. After 10 - 20 scans, Google will backlist your I.P. So you can just change the proxy.

Download both files

1 comment:

  1. It gives an error

    Fatal error: Call to undefined function curl_init() in ***
    where *** refers to the file location of g00n.php on my drive

    Need solution for this !