17 matches found
vBulletin Cross-Site Scripting Vulnerability
vBulletin is the United States InternetBrands and vBulletinSolutions, Inc. of a PHP and MySQL-based open source Web forum program . A cross-site scripting vulnerability exists in vBulletin version 5.x. The vulnerability stems from the lack of proper validation of client-side data by the WEB...
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...
vBulletin 5.x Remote Code Execution
!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2:...
Rash of Exploits Targets Critical vBulletin RCE Bug
A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...
Exploit for Code Injection in Vbulletin
PoC exploit for CVE-2019-16759, an RCE vulnerability in vBulleti...
vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
description = vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 local http = require "http" local shortport = require "shortport" local vulns = require "vulns" local stdnse = require "stdnse" local string = require "string" --- -- @usage -- nmap -p...
Cross site request forgery (csrf)
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
vBulletin 5.x Pre-Auth Remote Code Execution
!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...
Fsociety Hacking Tools Pack
Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...
CVE-2015-3419
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...
CVE-2015-3419
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...
vBulletin 5.x - Remote Code Execution
Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es...
vBulletin 5.x / 4.x Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...
vBulletin 5.x Remote Administrator Injection
Remote administrator injection vulnerability in vBulletin upgrade.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...