vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5x The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument This causes the former template to load the latter bypassing filters originally put in p ...
This module exploits a logic bug within the template rendering code in vBulletin 5x
The module uses the vBulletin template rendering functionality to render the
'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument
This causes the former template to load the latter bypassing filt ...
vBulletin 554 through 562 are vulnerable to a remote code execution
vulnerability caused by incomplete patching of the previous
"CVE-2019-16759" RCE This logic bug allows for a single pre-auth request
to execute PHP code on a target vBulletin forum
More info can be found at:
blogexploiteers/2020/exploiting-vbulletin-a-tale-of-patch ...
This module exploits a logic bug within the template rendering code in vBulletin 5.x.
The module uses the vBulletin template rendering functionality to render the
'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument.
This causes the former template to load the latter bypassing filters originally put in place
to address 'CVE-2019-16759'. This also allows the exploit to reach an eval call with user input
allowing the module to achieve PHP remote code execution on the target. This module has been
tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
msf > use exploit/multi/http/vbulletin_widget_template_rce
msf exploit(vbulletin_widget_template_rce) > show targets
...targets...
msf exploit(vbulletin_widget_template_rce) > set TARGET < target-id >
msf exploit(vbulletin_widget_template_rce) > show options
...show and set options...
msf exploit(vbulletin_widget_template_rce) > exploit
BTCMixingBowl
The entire source code for my Bitcoin Tumbler website, Includes the Unique BTC Address generator used to provide clients their own dedicated wallet address that they could remember or save, Whilst also giving the ability to destroy the unique address on request, No intervention required! - Full Members system also included with a SQL file with the default ADMIN a
Makura
A user-friendly CNC (Command & Control) panel based on CLI that recieves and executes commands
Features
Makura can retrieve commands through twitter, modify the file & replace your twitter within the first 10 lines afterwards run wget & makura will attempt to look for the word wget on your twitter, you can also modify the prefix to your choice
vBulletin RCE - BOT
The vBulletin team about the zero-day public disclosure, now tracked as CVE-2019-16759, the project maintainers today released security patches for vBulletin versions 552, 553, and 554
Requirements
PHP 7**
PHP cURL
Usage
php composerphar dump-autoload -o
php vBotphp list_targetstxt
Dork
intext:Powered
An open source CTF challenge for practicing insecure deserialization in PHP
ctf-insecure-deserialization
An open source CTF challenge for practicing insecure deserialization in PHP
Inspired by CVE-2019-16759
Just serve the folder in a web server (Apache for example) and access indexphp
This tools will extracts and dumps Email + SMTP from vBulletin database server
vBulletin RCE 5x Get Email + SMTP
CVE-2019-16759
This tools will extracts and dumps Email + SMTP from database server
USAGE
$ git clone githubcom/mas1337/CVE-2019-16759git && cd CVE-2019-16759
$ /vb-email-smtpsh listtxt
Disclaimer
All code on this repository is for educational purposes only and is not intended
vBulletin RCE - BOT
The vBulletin team about the zero-day public disclosure, now tracked as CVE-2019-16759, the project maintainers today released security patches for vBulletin versions 552, 553, and 554
Requirements
PHP 7**
PHP cURL
Usage
php composerphar dump-autoload -o
php vBotphp list_targetstxt
Dork
intext:Powered
Interactive-Like Command-Line Console for CVE-2019-16759
CVE-2019-16759 (vBulletin 50 < 554 - 'widget_php ' Unauthenticated Remote Code Execution)
Interactive-Like Command-Line Console for CVE-2019-16759
Usage:
python3 exploitpy
Enter the Site with Http/Https and Get the Shell :p
Makura
A user-friendly CNC (Command & Control) panel based on CLI that recieves and executes commands
Features
Makura can retrieve commands through twitter, modify the file & replace your twitter within the first 10 lines afterwards run wget & makura will attempt to look for the word wget on your twitter, you can also modify the prefix to your choice
[CVE-2019-16759]vBulletin_Routestring-RCE-PoC
A vulnerability has been discovered in vBulletin which could allow for remote code execution when a malicious POST request is sent to the vulnerable application
The vulnerability is due to an input validation error while parsing a HTTP request in the vulnerable module
System Affected :
vBulletin Version 500 ~ 554
(Updated Syst
vBulletin Mass Exploit CVE-2019-16759
Alert!
This tool was made for penetration testing CVE-2019-16759
We are not responsible for errors made by users of this tool
Installation and usage:
$ pkg install git python2
$ pip2 install requests
$ git clone githubcom/psychoxploit/vbull
$ cd vbull
Note:
Before you run this tool, make sure you have created a txt file that c