Published: 24/09/2019 Updated: 21/07/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 800

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vbulletin vbulletin

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' =& ...

vBulletin version 5x pre-authentication remote code execution Metasploit module ...

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5x The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument This causes the former template to load the latter bypassing filters originally put in p ...

Nmap NSE script that exploits a pre-authentication remote command execution vulnerability in vBulletin versions 5x ...

This module exploits a logic bug within the template rendering code in vBulletin 5x The module uses the vBulletin template rendering functionality to render the 'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument This causes the former template to load the latter bypassing filt ...

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument. This causes the former template to load the latter bypassing filters originally put in place to address 'CVE-2019-16759'. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

msf > use exploit/multi/http/vbulletin_widget_template_rce
msf exploit(vbulletin_widget_template_rce) > show targets
    ...targets...
msf exploit(vbulletin_widget_template_rce) > set TARGET < target-id >
msf exploit(vbulletin_widget_template_rce) > show options
    ...show and set options...
msf exploit(vbulletin_widget_template_rce) > exploit

BTCMixingBowl The entire source code for my Bitcoin Tumbler website, Includes the Unique BTC Address generator used to provide clients their own dedicated wallet address that they could remember or save, Whilst also giving the ability to destroy the unique address on request, No intervention required! - Full Members system also included with a SQL file with the default ADMIN a

CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce

vbulletin5 rce漏洞检测工具 0x00 概述 201909 vbulletion5(500-554)爆出rce漏洞（CVE-2019-16759），利用文件ajax/render/widget_php和post参数widgetConfig[code]可直接远程代码执行。 20200811，网上爆出CVE-2019-16759补丁可被绕过，利用ajax/render/widget_tabbedcontainer_tab_panel和构造post参数subWidgets[0][config][code]可直接远程�

Makura A user-friendly CNC (Command & Control) panel based on CLI that recieves and executes commands Features Makura can retrieve commands through twitter, modify the file & replace your twitter within the first 10 lines afterwards run wget & makura will attempt to look for the word wget on your twitter, you can also modify the prefix to your choice

vBulletin RCE - BOT The vBulletin team about the zero-day public disclosure, now tracked as CVE-2019-16759, the project maintainers today released security patches for vBulletin versions 552, 553, and 554 Requirements PHP 7** PHP cURL Usage php composerphar dump-autoload -o php vBotphp list_targetstxt Dork intext:Powered

vBulletin 5.x 未授权远程代码执行漏洞

CVE-2019-16759 vBulletin 5x 未授权远程代码执行漏洞 Ps：有些poc发包过去是403 ，而不是200 增强判断：echo md5('vBulletin'); 判断返回包中是否存在be4ea51d962be8308a0099ae1eb3ec63 print rtextsplit('be4ea51d962be8308a0099ae1eb3ec63')[0] CVE-2019-16759py import requests import sys if len(sysargv) != 2: sysexit(&q

Interactive-Like Command-Line Console for CVE-2019-16759

CVE-2019-16759 (vBulletin 50 < 554 - 'widget_php ' Unauthenticated Remote Code Execution) Interactive-Like Command-Line Console for CVE-2019-16759 Usage: python3 exploitpy Enter the Site with Http/Https and Get the Shell :p

CVE-2020-17496 POST /ajax/render/widget_tabbedcontainer_tab_panel?XDEBUG_SESSION_START=phpstorm HTTP/11 Host: localhost User-Agent: curl/7540 Accept: */* Content-Length: 100 Content-Type: application/x-www-form-urlencoded subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec("pwd"); exit; CV

Identify vulnerable (RCE) vBulletin 5.0.0 - 5.5.4 instances using Shodan (CVE-2019-16759)

Mass-Pwn-vBulletin Identify vulnerable (RCE) vBulletin 500 - 554 instances using Shodan (CVE-2019-16759) Requirements: Python >= 353 asyncio >= 343 aiohttp >= 361 ipaddress termcolor >= 110 tqdm >= 436 pyfiglet click >= 70 IPy >= 10 Gathering Hosts: This tool asynchronously iterates over vBulletin hosts on port

Mass Exploit CVE-2019-16759

vBulletin Mass Exploit CVE-2019-16759 Alert! This tool was made for penetration testing CVE-2019-16759 We are not responsible for errors made by users of this tool Installation and usage: $ pkg install git python2 $ pip2 install requests $ git clone githubcom/psychoxploit/vbull $ cd vbull Note: Before you run this tool, make sure you have created a txt file that c

Vbulletin RCE Exploit

CVE-2019-16759 Vbulletin RCE Exploits

CVE-2019-16759 vBulletin 5x未授权RCE批量检测脚本这漏洞挺鸡肋的，随便找了200多个，就5个存在这个洞接下来自行解决，php都有了，还不会反弹shell？

(CVE-2019-16759) vBulletin_Routestring-RCE

[CVE-2019-16759]vBulletin_Routestring-RCE-PoC A vulnerability has been discovered in vBulletin which could allow for remote code execution when a malicious POST request is sent to the vulnerable application The vulnerability is due to an input validation error while parsing a HTTP request in the vulnerable module System Affected : vBulletin Version 500 ~ 554 (Updated Syst

An open source CTF challenge for practicing insecure deserialization in PHP

ctf-insecure-deserialization An open source CTF challenge for practicing insecure deserialization in PHP Inspired by CVE-2019-16759 Just serve the folder in a web server (Apache for example) and access indexphp

This tools will extracts and dumps Email + SMTP from vBulletin database server

vBulletin RCE 5x Get Email + SMTP CVE-2019-16759 This tools will extracts and dumps Email + SMTP from database server USAGE $ git clone githubcom/mas1337/CVE-2019-16759git && cd CVE-2019-16759 $ /vb-email-smtpsh listtxt Disclaimer All code on this repository is for educational purposes only and is not intended

CWE-94 https://seclists.org/fulldisclosure/2019/Sep/31 https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Execution.html http://packetstormsecurity.com/files/158829/vBulletin-5.x-Remote-Code-Execution.html http://packetstormsecurity.com/files/158830/vBulletin-5.x-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2020/Aug/5 http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47437 https://github.com/theLSA/vbulletin5-rce

Get Started

CVE-2019-16759

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect