2024-03-16 17:23:48 +00:00
id : vbulletin-search-sqli
2024-04-17 07:02:32 +00:00
2024-03-16 17:23:48 +00:00
info :
2024-04-17 07:02:32 +00:00
name : vBulletin `Search.php` - SQL Injection
2024-03-16 17:23:48 +00:00
author : MaStErChO
severity : high
description : |
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
2024-04-17 07:02:32 +00:00
remediation : Upgrade to the latest version of vBulletin.
2024-03-16 17:23:48 +00:00
reference :
- https://www.exploit-db.com/exploits/17314
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
2024-09-10 09:08:16 +00:00
classification :
cpe : cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
2024-03-16 17:23:48 +00:00
metadata :
2024-04-17 07:02:32 +00:00
verified : true
2024-03-16 17:23:48 +00:00
max-request : 1
2024-09-10 08:22:50 +00:00
vendor : vbulletin
2024-09-10 09:08:16 +00:00
product : vbulletin
2024-03-16 17:23:48 +00:00
shodan-query : http.component:"vBulletin"
2024-04-18 08:16:35 +00:00
tags : vbulletin,sqli
2024-03-16 17:23:48 +00:00
http :
- raw :
- |
POST /search.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
contenttypeid=7&do=process&humanverify=1&cat[]=-1%27
2024-07-14 16:15:12 +00:00
host-redirects : true
2024-09-26 05:11:44 +00:00
max-redirects : 3
2024-03-16 17:23:48 +00:00
matchers-condition : and
matchers :
- type : word
part : body
words :
- "type=dberror"
2024-04-17 07:02:32 +00:00
- "MySQL Error"
condition : and
2024-03-16 17:23:48 +00:00
- type : status
status :
- 200
- 503
2024-04-17 07:02:32 +00:00
condition : or
2024-09-26 05:37:30 +00:00
# digest: 490a004630440220298dbc8cbd36ae972d877dd7c3fcfe968dfed421b207202e73a5d5c25a52662102202c59ba2a2aa59abbef79129ac701eb1c012536a58a990787781dcaa1dd1d0a6a:922c64590222798bb761d5b6d8e72950
