Sunday, December 17, 2017

vBulletin 5 SQLi being sold for 1.2k

A new vBulletin exploit has appeared for sale on Trojanforge.com. The seller wants 1.2k for it and claims it works with all versions of vBulletin 5 and up, including the beta versions.

Thread info:

The vulnerability works on any version of vBulletin 5, including all Beta versions.
In the bought package you'll get a guide with images and the steps required to achieve the vulnerability.

+--------------------------------------------------------------------+
|#Title: vBulletin 5 SQL Injection > Beta Whatever
|#Author: 0x0A
|#Date: Dec 11, 2012
|#Type: SQL Injection
|#Homepage: hackyard.net/ /- trojanforge.com
|#Version: 5 > Beta XX
|#Verified!
+---------------------------------------------------------------------+

The sale has been verified by the admins of the forum; you can find the thread here: http://trojanforge.com/showthread.php?t=1760.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

  • pr0t0typ3

    Actually this vBulletin 5 exploit is fake. The admin of trojanforge is himself “0x0A”, who is trying to sell this FAKE 0day to make his forum popular over the malware scene.

    Admin= 001 (BUNNN)
    Alex (KUBANO)

    Both are kids if you do research in the scene.

  • Moloz

    No it's not, 0x0A is not the same person as 001 (BUNNN). All I know is that 0x0A is a fictive account made to post that announcement. The seller can be trusted; the only reason he decided to post on TrojanForge was that he knows the owner (BUNNN), who has a big community with a lot of people who may buy it. Why not on any other forum? Simply because of trust, and the exploit should be verified by strange people. 0x0A's other identity isn't a big secret; I asked a few people and they told me his other nickname, which I saw on the Google hall of fame, so I can say this is not a skiddie method of advertising.

  • S.C

    I'm talking as a Hackyard Security Group member, and I can tell you guys 0x0A and BUNNN are not kids at all.

    BUNNN owns the trojanforge community.

    And 0x0A is Administrator on Hackyard Security Group.

    Also, 0x0A appears several times on the Google hall of fame, with various vulnerabilities found. (Of course with his real nickname.)

    BUNNN is the creator of FatherCrypter (one of the best crypters ever).

    So, think again before making false affirmations.

  • Zher0

    Although, I did sense something a bit fishy when I was e-mailed this story, so I wouldn’t be at all surprised if this was an advertising stunt.

  • Deadlyv

    Just a publicity stunt to make his forum popular in this kiddy way.

    I agree 0x0A is admin on hys but it’s just a game BUNNN likes to play to make his forum better.

    Add me on jabber and I will show you a few pr00fs.

  • DeadlyVermilion

    Erm why is there someone called deadlyv? Are you trying to impersonate me or some shit?

  • QLJIX

    For this bullshit created, check the thread for last time and check the proof that was posted.
    http://trojanforge.com/showthread.php?t=1760&p=14149&viewfull=1#post14149

    Or if you're lazy, http://img577.imageshack.us/img577/1766/moloz1.png ; http://img59.imageshack.us/img59/479/moloz2.png
    The exploit is for real, and still available for selling.
    There's nothing about advertising. Don't make false affirmations.