PHP Webshells, vBulletin, and Equifax Mode

This is just a quick post about some of the stuff behind an exploit I wrote for CVE-2020-7373. If you want to know more about the vulnerability itself, I’d suggest reading this blog post by zenofex. Effectively the vulnerability gives us a method of executing arbitrary PHP code on a vulnerable vBulletin installation. When I …

VisualDoor: SonicWall SSL-VPN Exploit

I’ve been sitting on this one for quite a while now, and figured what with SonicWall back in the news for getting owned via some 0days in their own shit products, it would be somewhat amusing to release this. I’m fairly sure its patched by now. Anyway, its lockdown 3.0 so you should stay inside …