minor update on matcher
parent
33b4a1e774
commit
9550c01a3b
|
@ -1,18 +1,20 @@
|
||||||
id: vbulletin-search-sqli
|
id: vbulletin-search-sqli
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: vBulletin Search.php SQL Injection
|
name: vBulletin `Search.php` - SQL Injection
|
||||||
author: MaStErChO
|
author: MaStErChO
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
|
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
|
||||||
|
remediation: Upgrade to the latest version of vBulletin.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/17314
|
- https://www.exploit-db.com/exploits/17314
|
||||||
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
|
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
|
||||||
tags: vbulletin, ajaxreg, sql-injection
|
|
||||||
metadata:
|
metadata:
|
||||||
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: http.component:"vBulletin"
|
shodan-query: http.component:"vBulletin"
|
||||||
|
tags: vbulletin,ajaxreg,sqli
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -29,6 +31,8 @@ http:
|
||||||
part: body
|
part: body
|
||||||
words:
|
words:
|
||||||
- "type=dberror"
|
- "type=dberror"
|
||||||
|
- "MySQL Error"
|
||||||
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
Loading…
Reference in New Issue