A new vBulletin exploit for sale has appeared on Trojanforge.com. The seller wants 1.2k for it and claims it works with all vBulletin’s 5 and up including the beta versions.
Thread info:
The vulnerability works on any version of vBulletin 5, including all Beta versions.
In the brought package you`ll get a guide with images and the steps required to archeive the vulnerability.
+--------------------------------------------------------------------+ |#Title: vBulletin 5 SQL Injection > Beta Whatever |#Author: 0x0A |#Date: Dec 11, 2012 |#Type: SQL Injection |#Homepage: hackyard.net/ /- trojanforge.com |#Version: 5 > Beta XX |#Verified! +---------------------------------------------------------------------+
The sale has been verified by the admins of the forum, you can find the thread here: http://trojanforge.com/showthread.php?t=1760.
Actually this Vbulletin 5 exploit is fake===the admin of trojanforge is himself “0x0A” who is trying to sell this FAKE 0day to make his forum popular over the malware scene.
Admin= 001 (BUNNN)
Alex (KUBANO)
both are kids if you do research in the scene.
No it`s not, 0x0A it`s not the same person as 001(BUNNN). All I know, 0x0A it`s a fictive account made to post that announce. The seller can be trust, the only reason he decided to post on TrojanForge was that he knows the owner(BUNNN), who have a big community with lot of people who may brought it. Why not on any other forum? Simply, because of trust, and the exploit should be verified by strange people. 0x0A`s other identity isn`t a big secret, I asked a few people and told me his other nickname that I saw on Google hall of fame, so I can say this is not an skiddie method of advertising.
I`m talking as a Hackyard Security Group member, and i can tell you guys 0x0A and BUNNN are not kids at all.
BUNNN own trojanforge community
And 0x0A is Administrator on Hackyard Security Group.
Also 0x0A apear several times on google hall of fame, with various vulnerabilities found. (Of course with his real nickname)
BUNNN is the creator of FatherCrypter (One of the best crypters ever)
So, think again before making false afirmations.
Although, I did sense something a bit fishy, when I was e-mailed this story, so I wouldn’t be at all surprised if this was a advertising stunt.
Just an publicity stunt to make his forum popular in this kiddy way
i agree 0x0A is admin on hys but it’s just an game BUNNN likes to play to make his forum better.
add me on jabber and i will show you few pr00fs
Erm why is there someone called deadlyv? Are you trying to impersonate me or some shit?
For this bullshit created, check the thread for last time and check the proof that was posted.
http://trojanforge.com/showthread.php?t=1760&p=14149&viewfull=1#post14149
Or if you`re lazy, http://img577.imageshack.us/img577/1766/moloz1.png ; http://img59.imageshack.us/img59/479/moloz2.png
The exploit is for real, and still for available for selling.
There`s nothing about advertising. Don`t make false afirmations.