This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
1b0222ba8ccc40d3c85308ce0622667517301180b99d1570ccc4c4ea8d918333vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.
75285d166423ae5386979499db99854517134611016ac3d67d648a0aabebfe16vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.
800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
326f81b545fe8313bbeed2d318b0e0e5050341b5d04a71833263a320f03d34afvBulletin version 5.x pre-authentication remote code execution Metasploit module.
4a1da0e01f0e530ef718c51ed1bcd9f801cd9b4453516cc9e71b0d28bd47e9d1Nmap NSE script that exploits a pre-authentication remote command execution vulnerability in vBulletin versions 5.x.
73ddb2f66da505ef87985f77f0bb71fc85619bd1e57d88f061543246f1899c3c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed