CVE-2019-16759 PoC — vBulletin 输入验证错误漏洞

Source

Associated Vulnerability

Title:vBulletin 输入验证错误漏洞 (CVE-2019-16759)
Description:vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Description

Mass Exploit CVE-2019-16759

Readme

# vBulletin Mass Exploit CVE-2019-16759
--------------------------------------
![vBulletin Mass Exploit](https://i.ibb.co/t2vy7kv/Screenshot-2020-02-21-05-27-44-789-com-termux.png)
--------



### Alert!
-------
**This tool was made for penetration testing CVE-2019-16759.**<br/>
**We are not responsible for errors made by users of this tool.**<br/>
### Installation and usage:

**$** pkg install git python2<br/>
**$** pip2 install requests<br/>
**$** git clone https://github.com/psychoxploit/vbull<br/>
**$** cd vbull<br/>

**Note:**<br/>
Before you run this tool, make sure you have created a txt file that contains http://target.tld/ or http://target.tld/path/<br/>
http: // or https: // and the right slash (/) after the domain name or path name, it's very important.<br/>
if there are no such signs, chances are this tool doesn't work the way you want it to.<br/>

if you already have it you can use these tools to your heart's content!<br/>

**$** python2 vbull.py<br/>

Good luck!

File Snapshot


 [4.0K]  /data/pocs/9ff8503233997f93576e99ff6e1fae510b15dcce
├── [ 991]  README.md
└── [ 20K]  vbull.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!