CVE-2019-16759 PoC — vBulletin 输入验证错误漏洞

Source

https://github.com/ludy-dev/vBulletin_Routestring-RCE

Associated Vulnerability

Title:vBulletin 输入验证错误漏洞 (CVE-2019-16759)
Description:vBulletin是美国InternetBrands和vBulletinSolutions公司的一款基于PHP和MySQL的开源Web论坛程序。 vBulletin 5.x版本至5.5.4版本中存在安全漏洞。攻击者可借助‘widgetConfig[code]’参数利用该漏洞执行命令。

Description

(CVE-2019-16759) vBulletin_Routestring-RCE

Readme

# [CVE-2019-16759]vBulletin_Routestring-RCE-PoC
A vulnerability has been discovered in vBulletin which could allow for remote code execution when a malicious POST request is sent to the vulnerable application. 
The vulnerability is due to an input validation error while parsing a HTTP request in the vulnerable module. 

System Affected : 

vBulletin Version 5.0.0 ~ 5.5.4 
(Updated System affected) vBulletin Version 5.0.0 ~ 5.6.2

Usage>

    python vBulletin_Routestring-RCE.py <dst_ip> <dst_port> (User defined port) 

    python vBulletin_Routestring-RCE.py <dst_ip> (default Port:80)   

Script was editted for Python3 


Not For attack. just using Vuln Test for your System

File Snapshot


 [4.0K]  /data/pocs/2b4298274149261dd17c55b780e6127044744017
├── [ 682]  README.md
└── [ 895]  vBulletin_Routestring-RCE.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!