From baea50a1ff8cf0fbac55ddffae5481027ef718a5 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sun, 22 May 2022 08:05:29 +0900 Subject: [PATCH 1/2] Create CVE-2018-6200.yaml --- CVE-2018-6200.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 CVE-2018-6200.yaml diff --git a/CVE-2018-6200.yaml b/CVE-2018-6200.yaml new file mode 100644 index 0000000000..4ab9231c43 --- /dev/null +++ b/CVE-2018-6200.yaml @@ -0,0 +1,28 @@ +id: CVE-2018-6200 + +info: + name: vBulletin 3.x.x & 4.2.x - open redirect + author: 0x_Akoko + severity: medium + description: vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. + reference: + - https://cxsecurity.com/issue/WLB-2018010251 + - https://www.cvedetails.com/cve/CVE-2018-6200 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-6200 + cwe-id: CWE-601 + tags: cve,cve2018,redirect,vbulletin + +requests: + - method: GET + path: + - '{{BaseURL}}/redirector.php?url=https://example.com' + - '{{BaseURL}}/redirector.php?do=nodelay&url=https://example.com' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 From 4df7ff976273cc2812e7e422f85967a9e8e8104b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 23 May 2022 14:15:44 +0530 Subject: [PATCH 2/2] Update and rename CVE-2018-6200.yaml to cves/2018/CVE-2018-6200.yaml --- CVE-2018-6200.yaml | 28 ---------------------------- cves/2018/CVE-2018-6200.yaml | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 28 deletions(-) delete mode 100644 CVE-2018-6200.yaml create mode 100644 cves/2018/CVE-2018-6200.yaml diff --git a/CVE-2018-6200.yaml b/CVE-2018-6200.yaml deleted file mode 100644 index 4ab9231c43..0000000000 --- a/CVE-2018-6200.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2018-6200 - -info: - name: vBulletin 3.x.x & 4.2.x - open redirect - author: 0x_Akoko - severity: medium - description: vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. - reference: - - https://cxsecurity.com/issue/WLB-2018010251 - - https://www.cvedetails.com/cve/CVE-2018-6200 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-6200 - cwe-id: CWE-601 - tags: cve,cve2018,redirect,vbulletin - -requests: - - method: GET - path: - - '{{BaseURL}}/redirector.php?url=https://example.com' - - '{{BaseURL}}/redirector.php?do=nodelay&url=https://example.com' - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/cves/2018/CVE-2018-6200.yaml b/cves/2018/CVE-2018-6200.yaml new file mode 100644 index 0000000000..846bc44ca6 --- /dev/null +++ b/cves/2018/CVE-2018-6200.yaml @@ -0,0 +1,35 @@ +id: CVE-2018-6200 + +info: + name: vBulletin 3.x.x & 4.2.x - Open Redirect + author: 0x_Akoko,daffainfo + severity: medium + description: | + vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. + reference: + - https://cxsecurity.com/issue/WLB-2018010251 + - https://www.cvedetails.com/cve/CVE-2018-6200 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-6200 + cwe-id: CWE-601 + tags: cve,cve2018,redirect,vbulletin + +requests: + - method: GET + path: + - '{{BaseURL}}/redirector.php?url=https://attacker.com' + - '{{BaseURL}}/redirector.php?do=nodelay&url=https://attacker.com' + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - '' + + - type: status + status: + - 200