2023-05-31 00:41:32 +00:00
id : CVE-2016-6195
info :
2023-06-15 14:51:03 +00:00
name : vBulletin <= 4.2.3 - SQL Injection
2023-05-31 00:41:32 +00:00
author : MaStErChO
severity : high
description : |
vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
reference :
- https://www.cvedetails.com/cve/CVE-2016-6195/
- https://www.exploit-db.com/exploits/38489
- https://www.securityfocus.com/bid/94312
2023-05-31 00:46:57 +00:00
- https://enumerated.wordpress.com/2016/07/11/1/
2023-05-31 00:41:32 +00:00
classification :
2023-05-31 01:03:01 +00:00
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cve-id : CVE-2016-6195
cwe-id : CWE-89
2023-06-15 14:50:15 +00:00
metadata :
verified : 'true'
shodan-query : title:"Powered By vBulletin"
2023-06-16 04:31:06 +00:00
tags : cve,cve2016,vbulletin,sqli,forum,edb
2023-05-31 00:41:32 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
2023-06-15 14:46:14 +00:00
stop-at-first-match : true
matchers-condition : and
2023-05-31 00:41:32 +00:00
matchers :
- type : word
part : body
words :
- "type=dberror"
2023-06-15 14:46:14 +00:00
- type : status
status :
- 200
- 503
condition : or
