CVE-2019-16759

This repository contains a functional Python exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x (versions 5.0.0 to 5.5.4). The exploit leverages the 'widget_php' endpoint to execute arbitrary commands via the 'widgetConfig[code]' parameter, with a verification mechanism using an MD5 hash to confirm successful execution.

This repository contains a functional Python exploit for CVE-2019-16759, a remote code execution vulnerability in vBulletin 5.0.0-5.5.4. The exploit leverages the `widgetConfig[code]` parameter in the `ajax/render/widget_php` endpoint and includes a bypass for patched versions using `subWidgets[0][config][code]` in the `widget_tabbedcontainer_tab_panel` endpoint.

This repository contains a functional exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. The script extracts email addresses and SMTP credentials from the database by leveraging a widget template injection flaw.

This repository contains a functional Python exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. The exploit leverages the 'widget_php' endpoint to execute arbitrary commands via the 'widgetConfig[code]' parameter.

This repository contains a functional exploit for CVE-2019-16759, which targets an unauthenticated remote code execution vulnerability in vBulletin versions 5.0 to 5.5.4 via the 'widget_php' parameter. The exploit sends crafted POST requests to execute arbitrary commands on the target system.

This repository contains functional exploit code for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.0.0 to 5.5.4. The exploit leverages a widget configuration parameter to execute arbitrary commands via shell_exec.

This repository contains an NSE script for Nmap that detects the presence of CVE-2019-16759, a pre-authentication RCE vulnerability in vBulletin 5.x versions 5.0.0 to 5.5.4. The script scans for the vulnerability but does not include exploit code.

The repository contains functional exploit scripts for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The scripts demonstrate the vulnerability by sending crafted HTTP requests to exploit the widget_tabbedcontainer_tab_panel endpoint, executing arbitrary commands.

The repository contains a Python script that scans for CVE-2019-16759 by checking for specific endpoints in vBulletin. It does not include functional exploit code for remote code execution but verifies the presence of vulnerable paths.

The repository contains a functional Python script that exploits CVE-2019-16759, an unauthenticated remote code execution vulnerability in vBulletin 5.x. The exploit sends a crafted POST request to the vulnerable endpoint to execute arbitrary commands.

This repository contains a functional exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin. The exploit is written in Python and targets vBulletin versions 5.0.0 through 5.5.4 by sending a crafted HTTP request to execute arbitrary commands.

This repository contains a functional exploit for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The exploit leverages a widget template injection to execute arbitrary PHP code, bypassing authentication and uploading a shell.

The repository contains functional exploit scripts for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The scripts leverage the widget_tabbedcontainer_tab_panel endpoint to inject PHP code via the subWidgets parameter, demonstrating RCE capabilities.

This exploit leverages a pre-authentication remote code execution vulnerability in vBulletin 5.x by injecting arbitrary commands via the 'widgetConfig[code]' parameter in an AJAX request. It establishes an interactive shell by executing system commands through 'shell_exec'.

This is a Metasploit module exploiting CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. It leverages a widget rendering endpoint to execute arbitrary PHP code.

This Metasploit module exploits a remote command execution vulnerability in vBulletin 5.x through 5.5.4 via the widgetConfig[code] parameter in an ajax/render/widget_php POST request. It supports multiple payload types including Meterpreter (PHP In-Memory), Unix CMD, and Windows CMD.