what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2019-16759

Status Candidate

Overview

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Related Files

vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
SHA-256 | 1b0222ba8ccc40d3c85308ce0622667517301180b99d1570ccc4c4ea8d918333
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.

tags | exploit, remote, code execution, python
advisories | CVE-2019-16759
SHA-256 | 75285d166423ae5386979499db99854517134611016ac3d67d648a0aabebfe16
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.

tags | exploit, remote, code execution, bash
advisories | CVE-2019-16759
SHA-256 | 800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2
vBulletin 5.5.4 Remote Command Execution
Posted Dec 10, 2019
Authored by mekhalleh | Site metasploit.com

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.

tags | exploit, remote
advisories | CVE-2019-16759
SHA-256 | 326f81b545fe8313bbeed2d318b0e0e5050341b5d04a71833263a320f03d34af
vBulletin 5.x Pre-Auth Remote Code Execution
Posted Sep 28, 2019
Authored by r00tpgp | Site metasploit.com

vBulletin version 5.x pre-authentication remote code execution Metasploit module.

tags | exploit, remote, code execution
advisories | CVE-2019-16759
SHA-256 | 4a1da0e01f0e530ef718c51ed1bcd9f801cd9b4453516cc9e71b0d28bd47e9d1
vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
Posted Sep 26, 2019
Authored by r00tpgp

Nmap NSE script that exploits a pre-authentication remote command execution vulnerability in vBulletin versions 5.x.

tags | exploit, remote
advisories | CVE-2019-16759
SHA-256 | 73ddb2f66da505ef87985f77f0bb71fc85619bd1e57d88f061543246f1899c3c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close