SQL-Injection:
/joinrequests.php:
POST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0>
/modcp/announcement.php:
POST: <do=update&announcementid=1&start=24-07-05&end=30-07-05
&announcement[0]=[SQL-Injection]>
/modcp/thread.php:
POST: <do=dothreads&thread[forumid]=0XF>
POST: <do=dothreadssel&criteria=a:1:{s:7:"forumid";s:5:"aaaa'";}>
/modcp/user.php:
GET: <do=avatar&userid=0XF>
/admincp/admincalendar.php:
GET: <do=addcustom&calendarcustomfieldid=[SQL-Injection]>
GET: <do=addmod&calendarid=[SQL-Injection]>
GET: <do=addmod&calendarid=1&moderatorid=[SQL-Injection]>
GET: <do=deletecustom&calendarcustomfieldid=[SQL-Injection]>
POST: <do=doremoveholiday&holidayid=[SQL-Injection]>
GET: <do=edit&calendarid=[SQL-Injection]>
POST: <do=kill&calendarid=[SQL-Injection]>
POST: <do=killmod&$calendarmoderatorid=[SQL-Injection]>
GET: <do=remove&calendarid=[SQL-Injection]>
POST: <do=removemod&moderatorid=[SQL-Injection]>
POST: <do=saveholiday&holidayinfo[title]=sepro&holidayid=0XF>
POST: <do=update&calendar[daterange]=2002-2008&calendarid=0XF>
GET: <do=updateholiday&holidayid=0XF>
POST: <do=update&calendarid=1&calendar[daterange]=1970-2030&
calendar[0]=[SQL-Injection]>
POST: <do=updatemod&calendarid=1&moderatorid=[SQL-Injection]>
POST: <do=updatemod&moderatorid=1&moderator[calendarid]=[SQL-Injection]>
/admincp/cronlog.php:
POST: <do=doprunelog&cronid=0XF>
POST: <do=prunelog&cronid=0XF>
/admincp/email.php:
POST: <do=makelist&user[usergroupid][0]=[SQL-Injection]>
/admincp/help.php:
POST: <do=doedit&help[script]=1&help[0]=[SQL-Injection]>
/admincp/user.php:
GET: <do=find&orderby=username&limitnumber=[SQL-Injection]>
GET: <do=find&orderby=username&limitstart=[SQL-Injection]>
/admincp/usertitle.php:
GET: <do=edit&usertitleid=0XF>
GET: <do=pmuserstats&ids=0XF>
/admincp/language.php:
POST: <do=update&rvt[0]=[SQL-Injection]>
/admincp/phrase.php:
POST: <do=completeorphans&keep[0]=[SQL-Injection]>
/admincp/template.php:
GET: <do=editstyle&dostyleid=[SQL-Injection]>
GET: <do=editstyle&dostyleid=[SQL-Injection]>
POST: <do=revertall&dostyleid=[SQL-Injection]>
/admincp/thread.php:
POST: <do=dothreads&thread[forumid]=0XF>
/admincp/usertools.php:
POST: <do=updateprofilepic>
/admincp/vbugs_admin.php:
GET: <do=editseverity&vbug_severityid=[SQL-Injection]>
GET: <do=removeseverity&vbug_severityid=[SQL-Injection]>
GET: <do=updateseverity&vbug_severityid=[SQL-Injection]>
Загрузка произвольных файлов:
/admincp/image.php:
POST: <do=upload&table=avatar>
POST: <do=upload&table=icon>
POST: <do=upload&table=smilie>
XSS:
/modcp/index.php:
GET: <do=frames&loc=[XSS]>
/modcp/user.php:
GET: <do=gethost&ip=[XSS]>
/admincp/css.php:
GET: <do=doedit&dostyleid=1&group=[XSS]>
/admincp/index.php:
GET: <redirect=[XSS]>
GET: <do=frames&loc=[XSS]>
/admincp/user.php:
GET: <do=emailpassword&email=[XSS]>
/admincp/usertitle.php:
GET: <do=gethost&ip=[XSS]>
/admincp/language.php:
GET: <do=rebuild&goto=[XSS]>
/admincp/modlog.php:
GET: <do=view&orderby=[XSS]>
/admincp/template.php:
GET: <do=colorconverter&hex=[XSS]>
GET: <do=colorconverter&rgb=[XSS]>
GET: <do=modify&expandset=[XSS]>
Решение: обновить до версии vBulletin 3.0.9
