daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update on matcher

patch-1
Dhiyaneshwaran 2024-04-17 12:32:32 +05:30 committed by GitHub
parent 33b4a1e774
commit 9550c01a3b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml
View File

@ -1,18 +1,20 @@
id: vbulletin-search-sqli
info:
name: vBulletin Search.php SQL Injection
name: vBulletin `Search.php` - SQL Injection
author: MaStErChO
severity: high
description: |
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
remediation: Upgrade to the latest version of vBulletin.
reference:
- https://www.exploit-db.com/exploits/17314
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
tags: vbulletin, ajaxreg, sql-injection
metadata:
verified: true
max-request: 1
shodan-query: http.component:"vBulletin"
tags: vbulletin,ajaxreg,sqli
http:
- raw:
@ -29,9 +31,11 @@ http:
part: body
words:
- "type=dberror"
- "MySQL Error"
condition: and
- type: status
status:
- 200
- 503
condition: or
condition: or