CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce

theLSA/vbulletin5-rce


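vbulletin5 rce vulnerability detection tool

0x00 Overview

In September 2019, an RCE vulnerability (CVE-2019-16759) was disclosed in vBulletin 5 (5.0.0-5.5.4): through ajax/render/widget_php and the POST parameter widgetConfig[code], remote code execution is directly possible.

On 2020-08-11, it was disclosed online that the CVE-2019-16759 patch can be bypassed: through ajax/render/widget_tabbedcontainer_tab_panel and a crafted POST parameter subWidgets[0][config][code], remote code execution is directly possible.

This tool supports single-URL detection, cmdshell, get web shell (writes a one-line web shell), batch detection, and batch getshell.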
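
On the defensive side, the two route and parameter pairs named in the overview can be matched in request logs. The following is an added example, not part of this repository's tool: it assumes a reverse-proxy or WAF log that records the request URI and POST body, and the function names, the sample records and the generalized subWidgets index are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Route and POST parameter pairs taken from the overview above.
# Assumption: the subWidgets index may be any number, not only 0.
SIGNATURES = [
    ("CVE-2019-16759",
     re.compile(r"ajax/render/widget_php(?!\w)"),
     re.compile(r"widgetconfig\[code\]")),
    ("CVE-2019-16759 patch bypass",
     re.compile(r"ajax/render/widget_tabbedcontainer_tab_panel(?!\w)"),
     re.compile(r"subwidgets\[\d+\]\[config\]\[code\]")),
]

def normalize(text, max_rounds=3):
    """Undo (possibly nested) URL encoding and fold case before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()

def classify(uri, body=""):
    """Return (label, verdict) pairs for one logged request.

    verdict is "alert" when the route and the code parameter are both present,
    and "review" when only the route is visible (e.g. the body was not logged).
    Assumption: the route may appear in the URI or the body, so both are searched.
    """
    haystack = normalize(uri) + "\n" + normalize(body)
    return [(label, "alert" if param.search(haystack) else "review")
            for label, route, param in SIGNATURES if route.search(haystack)]

# Constructed sample records (not real traffic); parameter values are redacted.
SAMPLE = [
    {"uri": "/forum/ajax/render/widget_php", "body": "widgetConfig%5Bcode%5D=REDACTED"},
    {"uri": "/ajax/render/widget_tabbedcontainer_tab_panel",
     "body": "subWidgets%255B0%255D%255Bconfig%255D%255Bcode%255D=REDACTED"},
    {"uri": "/AJAX/render/widget_php", "body": ""},
    {"uri": "/forum/showthread.php?t=42", "body": "message=hello"},
]

def scan(records):
    """Return (uri, hits) for every record that matched a signature."""
    results = [(r["uri"], classify(r["uri"], r.get("body", ""))) for r in records]
    return [(uri, hits) for uri, hits in results if hits]

if __name__ == "__main__":
    for uri, hits in scan(SAMPLE):
        print(uri, hits)
```
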

0x01 Requirements

python2.7

pip install requests

0x02 Quick start

Usage help: python vbulletin5-rce.py -h

Single-URL vulnerability check: python vbulletin5-rce.py -u "http://www.xxx.com/"

cmdshell: python vbulletin5-rce.py -u "http://www.xxx.com/" --cmdshell

Single-URL getshell: python vbulletin5-rce.py -u "http://www.xxx.com/" --getshell

Batch check: python vbulletin5-rce.py -f urls.txt

Batch getshell: python vbulletin5-rce.py -f urls.txt --getshell

0x03 Feedback

issues

gmail:lsasguge196@gmail.com

qq:2894400469@qq.com
