  • vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution
    Disclosure Date: 2020-08-09
    First seen: 2020-08-12
    exploit/multi/http/vbulletin_widget_template_rce
    This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument. This causes the former template to load the latter, bypassing filters originally put in place to address 'CVE-2019-16759'. It also allows the exploit to reach an eval call with user input, which lets the module achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
    Authors: Zenofex <zenofex@exploitee.rs>
  • vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
    Disclosure Date: 2020-03-12
    First seen: 2020-06-02
    auxiliary/gather/vbulletin_getindexablecontent_sqli
    This module exploits a SQL injection vulnerability found in vBulletin 5.x.x to dump the user table information or to dump all of the vBulletin tables (based on the selected options). This module has been tested successfully on vBulletin version 5.6.1 on Ubuntu Linux.
    Authors: Charles Fol <folcharles@gmail.com>, Zenofex <zenofex@exploitee.rs>
  • vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
    Disclosure Date: 2020-03-12
    First seen: 2020-06-02
    exploit/multi/http/vbulletin_getindexablecontent
    This module exploits a SQL injection vulnerability found in vBulletin 5.6.1 and earlier. It uses the getIndexableContent vulnerability to reset the administrator's password, then uses the administrator's login information to achieve RCE on the target. This module has been tested successfully on vBulletin version 5.6.1 on Ubuntu Linux.
    Authors: Charles Fol <folcharles@gmail.com>, Zenofex <zenofex@exploitee.rs>
  • vBulletin widgetConfig RCE
    Disclosure Date: 2019-09-23
    First seen: 2020-04-26
    exploit/multi/http/vbulletin_widgetconfig_rce
    vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
  • vBulletin 5.1.2 Unserialize Code Execution
    Disclosure Date: 2015-11-04
    First seen: 2020-04-26
    exploit/multi/http/vbulletin_unserialize
    This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9.
    Authors: Netanel Rubin, cutz, Julien (jvoisin) Voisin
  • vBulletin Administrator Account Creation
    Disclosure Date: 2013-10-09
    First seen: 2020-04-26
    auxiliary/admin/http/vbulletin_upgrade_admin
    This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild in October 2013. This module has been tested successfully on vBulletin 4.1.5 and 4.1.0.
    Authors: Unknown, juan vazquez <juan.vazquez@metasploit.com>
  • vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
    Disclosure Date: 2013-03-25
    First seen: 2020-04-26
    exploit/unix/webapp/vbulletin_vote_sqli_exec
    This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This module uses the SQL injection to extract the web application's usernames and hashes. With the retrieved information, it tries to log in to the admin control panel in order to deploy the PHP payload. This module has been tested successfully on vBulletin version 5.0.0 Beta 13 on Ubuntu Linux.
    Authors: Orestis Kourides, juan vazquez <juan.vazquez@metasploit.com>
  • vBulletin Password Collector via nodeid SQL Injection
    Disclosure Date: 2013-03-24
    First seen: 2020-04-26
    auxiliary/gather/vbulletin_vote_sqli
    This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This module can be used to extract the web application's usernames and hashes, which could be used to authenticate into the vBulletin admin control panel.
    Authors: Orestis Kourides, sinn3r <sinn3r@metasploit.com>, juan vazquez <juan.vazquez@metasploit.com>
8 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.