HOW TO MAKE COMBOS IN 2021 - DUMP FORUMS DATABASES - TOOLS INCLUDED
Dump Combos and Start earning 50K a month by selling HQ Dumped combos ✅
Today I will teach you about something, that is kind of a public way of dumping, but with the tools and information that I will share with you, it won't matter.
I am talking about the vBulletin Forumrunner SQL injection exploit. It is an SQLi vulnerability in all vBulletin versions from 3.6.0 - 4.2.3.
Note: for those that don't know, vBulletin is forum software, hence this will only help you dump FORUMS.
Now, to get to the point.
As said, this is an SQL injection (SQLi) exploit. Although many people instantly think of SQLI Dumper when SQLi is mentioned, this is not the same. SQLI Dumper is not capable of locating and executing this vulnerability on sites, since there are different methods of SQLi. Although you can get a lot with SQLI Dumper or sib, and even though this exploit has been publicly disclosed since 2016, you will get better results compared to the ones you get with the other tools, assuming you are bad at dorking, since rarely is anyone good at it nowadays.
I want to state that Don Juji has also written a comprehensive guide on this exploit. The difference between mine and his is that I will give you the necessary tools to do this, meaning you will require 0 knowledge of SQL or SQLi to be capable of using this to dump.
Before we jump into how to dump and the tools, you will need to get URLs.
To get URLs there are many ways. Juji named a site, publicwww.com, which is a search engine for source code that uses dorks as well, but you can also use Google with Google dorks, for example:
Game "Powered by vBulletin® Version 4.2.3"
Now, once you get URLs, to use the tool that scans whether a site is vulnerable, you will need to parse them into the form http://domain.com (eg. https://sawstudiouser.com). Once you do that, you will use the tool to scan the URLs for the vulnerability. Originally this tool was made by @UnPirlaACaso, credits to him, and a friend and I made a small modification to it so it runs better.
URL to the tool (python) - https://anonfile.com/T8m9ybs5o9/ForumRunner_Tester_rar Password of .rar: xFeuqyY292mSK
It is fairly simple to use, what you do is load links in links.txt (in the parsed form I stated above) and run the tool. I would suggest you use a VPN no matter if on your rdp or on your PC, since this might result in reports for SQLi attempt in mass scan against your IP and can get your server terminated, or worse if you are doing it with your computer's IP.
Once you get your vulnerable urls, example:
you will need to dump them. To do this, there is a special tool prepared for you. This tool originally was coded by Don Juji, but it wasn't entirely functional, so me and a friend modified it and made it 100% working.
For this you will need to have bash installed on your machine, the tool is coded in bash. Download tool here: https://anonfile.com/32p9yds7oe/ForumRunner_Access_rar Password of .rar: uYiwm192Ome2
Using it is pretty simple: open it using bash, put in the domain in parsed form (eg. https://sawstudiouser.com), press enter, and it will ask you for the table name. Now here is the tricky part, since you will need to know the name of the table.
To do that you go into a browser, put domain and add
/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (information_schema.tables)where (table_schema=database()) and (0x00) in (@x:=concat(@x,0x3c62723e,table_name))))x),5,6,7,8,9,10-- -
at the end of it and click enter. It will give you a list of all tables in the database, find the users one (it's commonly "user" or "vb_user").
Then go back in the dumper, put name of table and choose how many users you want to dump. Wait for it and it will download the db.
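
For forum operators, the requests described above leave a distinctive trace in web server access logs. The following is an added example, not part of the original post or of any tool it mentions: it flags requests to /forumrunner/request.php whose postids parameter is anything other than a plain list of integers. The log lines are constructed, the combined log format is assumed, and the rule that a legitimate postids value is a comma-separated list of integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "GET /forumrunner/request.php?d=1&cmd=get_spam_data&postids=101,102 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2021:10:01:05 +0000] "GET /forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)union%20select%201,2,3-- HTTP/1.1" 200 9120 "-" "python-requests/2.25"
198.51.100.4 - - [12/Mar/2021:10:02:11 +0000] "GET /forum/showthread.php?t=55 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2021:10:02:30 +0000] "GET /forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1)UNION+SELECT+1,2,3,(select+table_name+from+information_schema.tables)-- HTTP/1.1" 200 30111 "-" "python-requests/2.25"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (.+?) HTTP/[\d.]+" (\d{3}) (\S+)')
# Assumption: a legitimate postids value is a comma-separated list of integers.
NUMERIC_LIST = re.compile(r"^\d+(,\d+)*$")
SQL_TOKENS = re.compile(r"\b(union|select|information_schema|concat)\b|--|/\*", re.I)


def inspect_line(line):
    """Return a finding dict for a suspicious Forumrunner request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, when, target, status, size = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/forumrunner/request.php"):
        return None
    # parse_qs percent-decodes values, so encoded payloads are checked in clear.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = set()
    for value in params.get("postids", []):
        if not NUMERIC_LIST.match(value):
            reasons.add("postids is not a numeric list")
        if SQL_TOKENS.search(value):
            reasons.add("SQL syntax in postids")
    if not reasons:
        return None
    return {"ip": ip, "time": when, "status": int(status),
            "bytes": size, "reasons": sorted(reasons)}


def scan(log_text):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same numeric-list rule can be enforced in front of the application as a request filter, and the status and byte count of each finding help judge whether a flagged request returned data.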