CVE-2019-16759

This is a Metasploit module exploiting CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. It leverages a widget rendering endpoint to execute arbitrary PHP code.

This exploit leverages a pre-authentication remote code execution vulnerability in vBulletin 5.x by injecting arbitrary commands via the 'widgetConfig[code]' parameter in an AJAX request. It establishes an interactive shell by executing system commands through 'shell_exec'.

This repository contains a functional Python exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x (versions 5.0.0 to 5.5.4). The exploit leverages the 'widget_php' endpoint to execute arbitrary commands via the 'widgetConfig[code]' parameter, with a verification mechanism using an MD5 hash to confirm successful execution.

This repository contains a functional Python exploit for CVE-2019-16759, a remote code execution vulnerability in vBulletin 5.0.0-5.5.4. The exploit leverages the `widgetConfig[code]` parameter in the `ajax/render/widget_php` endpoint and includes a bypass for patched versions using `subWidgets[0][config][code]` in the `widget_tabbedcontainer_tab_panel` endpoint.

This repository contains a functional exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. The script extracts email addresses and SMTP credentials from the database by leveraging a widget template injection flaw.

This repository contains a functional Python exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.x. The exploit leverages the 'widget_php' endpoint to execute arbitrary commands via the 'widgetConfig[code]' parameter.

This repository contains functional exploit code for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin 5.0.0 to 5.5.4. The exploit leverages a widget configuration parameter to execute arbitrary commands via shell_exec.

This repository contains a functional exploit for CVE-2019-16759, which targets an unauthenticated remote code execution vulnerability in vBulletin versions 5.0 to 5.5.4 via the 'widget_php' parameter. The exploit sends crafted POST requests to execute arbitrary commands on the target system.

This repository contains an NSE script for Nmap that detects the presence of CVE-2019-16759, a pre-authentication RCE vulnerability in vBulletin 5.x versions 5.0.0 to 5.5.4. The script scans for the vulnerability but does not include exploit code.

The repository contains a Python script that scans for CVE-2019-16759 by checking for specific endpoints in vBulletin. It does not include functional exploit code for remote code execution but verifies the presence of vulnerable paths.

The repository contains functional exploit scripts for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The scripts demonstrate the vulnerability by sending crafted HTTP requests to exploit the widget_tabbedcontainer_tab_panel endpoint, executing arbitrary commands.

The repository contains a functional Python script that exploits CVE-2019-16759, an unauthenticated remote code execution vulnerability in vBulletin 5.x. The exploit sends a crafted POST request to the vulnerable endpoint to execute arbitrary commands.

The repository contains functional exploit scripts for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The scripts leverage the widget_tabbedcontainer_tab_panel endpoint to inject PHP code via the subWidgets parameter, demonstrating RCE capabilities.

This repository contains a functional exploit for CVE-2019-16759, a remote code execution vulnerability in vBulletin. The exploit leverages a widget template injection to execute arbitrary PHP code, bypassing authentication and uploading a shell.

This repository contains a functional exploit for CVE-2019-16759, a pre-authentication remote code execution vulnerability in vBulletin. The exploit is written in Python and targets vBulletin versions 5.0.0 through 5.5.4 by sending a crafted HTTP request to execute arbitrary commands.

This Metasploit module exploits a logic bug in vBulletin 5.x template rendering to achieve remote code execution by bypassing filters via the 'widget_tabbedcontainer_tab_panel' template and 'widget_php' argument. It supports multiple payload types (Meterpreter, Unix CMD, Windows CMD) and includes a check method to verify vulnerability.

This Metasploit module exploits a remote command execution vulnerability in vBulletin 5.x through 5.5.4 via the widgetConfig[code] parameter in an ajax/render/widget_php POST request. It supports multiple payload types including Meterpreter (PHP In-Memory), Unix CMD, and Windows CMD.