This tool use Cross-Site Scripting (XSS) to
inject PHP code into the vBulletin Plugin feature when an administrator
triggers a malicious JavaScript payload. Subsequently, a reverse
meterpreter shell is granted to the attacker when the injected PHP code
is activated.
Requirements
- Python (2.7.*, version 2.7.3 was used for development and demo)
- Gnome
- Bash
- Msfconsole (accessible via environment variables)
- Netcat (nc)
Payload Compatibility
- Firefox (Confirmed in a previous version)
- Chrome (Confirmed for the latest version - 14 Nov 2015)
Payload Compatibility
- Firefox (Confirmed in a previous version)
- Chrome (Confirmed for the latest version - 14 Nov 2015)
proof of concept :
Posts
No comments:
Post a Comment