daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update on matcher

patch-1
Dhiyaneshwaran 2024-04-17 12:32:32 +05:30 committed by GitHub
parent 33b4a1e774
commit 9550c01a3b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml
View File

@ -1,18 +1,20 @@
id: vbulletin-search-sqli id: vbulletin-search-sqli
info: info:
name: vBulletin Search.php SQL Injection name: vBulletin `Search.php` - SQL Injection
author: MaStErChO author: MaStErChO
severity: high severity: high
description: | description: |
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server. vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
remediation: Upgrade to the latest version of vBulletin.
reference: reference:
- https://www.exploit-db.com/exploits/17314 - https://www.exploit-db.com/exploits/17314
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/ - https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
tags: vbulletin, ajaxreg, sql-injection
metadata: metadata:
verified: true
max-request: 1 max-request: 1
shodan-query: http.component:"vBulletin" shodan-query: http.component:"vBulletin"
tags: vbulletin,ajaxreg,sqli
http: http:
- raw: - raw:
@ -29,9 +31,11 @@ http:
part: body part: body
words: words:
- "type=dberror" - "type=dberror"
- "MySQL Error"
condition: and
- type: status - type: status
status: status:
- 200 - 200
- 503 - 503
condition: or condition: or