Curl and Vbulletin Login

Talon

I have searched all over the net, and here at PHPbuilders, and I am sorry to say that I couldn't find an accurate way of logging into Vbulletin with Curl. I have managed to login to PHPbb quite easily, and I have managed to login to boards like SMF and IPB. However, Vbulletin is posing quite a problem and I was wanting to know if any of you had found a method using Curl that would allow me to login to a vbulletin account with a supplied user name and password?

etully

If I remember correctly, vb uses a javascript trick when you login. You enter your username/password, click login, javascript encrypts the password, and only then is the user/pass sent to vb for login. Do a view source on the login page and you will see "A JavaScript implementation of the RSA Data Security" (or maybe it's in an included .js file). I think it might just be using MD5.

So all you have to do is MD5 the right strings before you pass them in with curl.

I'm not sure how this trick adds any security for them since a hacker is just as happy to login with the encrypted u/p as with the actual u/p but I haven't looked at their code for more than a few minutes.

halojoy

etully wrote:
If I remember correctly, vb uses a javascript trick when you login.
You enter your username/password, click login, javascript encrypts the password, and only then is the user/pass sent to vb for login.

Do a view source on the login page and you will see "A JavaScript implementation of the RSA Data Security"

This is what etully refers to.

The javascript file is called vbulletin_md5.js
And here is where it is called 'onsubmit'

<form action="../login.php" method="post" name="loginform"
 onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

function md5hash(input, output_html, output_utf, skip_empty)
{

brosdee

I have the same problem
I used liveHTTPHeaders to get copy of the md5 password and passed it to curl as part of the post data but yet I sitll couldnt log into the vbulletin forum.

i.e. vb_login_username=fooname&vb_login_password=foopass&s=&do=login&vb_login_md5password=xxxxx&vb_login_md5password_utf=xxxxx
and still couldn't login

halojoy wrote:
This is what etully refers to.

The javascript file is called vbulletin_md5.js
And here is where it is called 'onsubmit'
<form action="../login.php" method="post" name="loginform"
 onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

function md5hash(input, output_html, output_utf, skip_empty)
{