nuclei-templates/http/cves/2016/CVE-2016-6195.yaml

57 lines
2.2 KiB
YAML

id: CVE-2016-6195
info:
name: vBulletin <= 4.2.3 - SQL Injection
author: MaStErChO
severity: critical
description: |
vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
remediation: |
Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
reference:
- https://www.cvedetails.com/cve/CVE-2016-6195/
- https://www.exploit-db.com/exploits/38489
- https://enumerated.wordpress.com/2016/07/11/1/
- http://www.vbulletin.org/forum/showthread.php?t=322848
- https://github.com/drewlong/vbully
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2016-6195
cwe-id: CWE-89
epss-score: 0.00284
epss-percentile: 0.65202
cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 6
vendor: vbulletin
product: vbulletin
shodan-query: title:"Powered By vBulletin"
tags: cve,cve2016,vbulletin,sqli,forum,edb
http:
- method: GET
path:
- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "type=dberror"
- type: status
status:
- 200
- 503
condition: or
# digest: 4a0a004730450220148de5e061a5fe3c6251106bab498d7528013e666aa29dec23d9e56137ecc6e3022100bff36120bf8be39928532a80d88f9b499c3209b24b6514ec62efea47503690e7:922c64590222798bb761d5b6d8e72950