nuclei-templates/cves/2018/CVE-2018-6200.yaml


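# Detection template for CVE-2018-6200 (CWE-601, open redirect) in vBulletin's
# redirector.php. Nesting is restored here: the flattened listing would put
# name/author/severity at the top level instead of under `info`, and the
# `description: |` block scalar would have no indented body.
id: CVE-2018-6200

info:
  name: vBulletin 3.x.x & 4.2.x - Open Redirect
  author: 0x_Akoko,daffainfo
  severity: medium
  description: |
    vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
  reference:
    - https://cxsecurity.com/issue/WLB-2018010251
    - https://www.cvedetails.com/cve/CVE-2018-6200
  classification:
    # UI:R in the vector: the redirect only affects a user who opens a crafted
    # link, which is why the score is medium rather than high.
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-6200
    cwe-id: CWE-601
  metadata:
    verified: true
  tags: cve,cve2018,redirect,vbulletin

# Defender note: the usual CWE-601 mitigation is to restrict redirect targets
# to an allow-list of trusted hosts (or same-site paths); a finding from this
# template means the url parameter is being echoed into a redirect unchecked.
requests:
  - method: GET
    path:
      # Two variants of the same probe; the second adds do=nodelay
      # (presumably the immediate-redirect mode; confirm against vBulletin).
      # The external host is only a marker string: both matchers inspect the
      # target's own response, so teams may substitute a domain they control.
      - '{{BaseURL}}/redirector.php?url=https://attacker.com'
      - '{{BaseURL}}/redirector.php?do=nodelay&url=https://attacker.com'

    # Both matchers must hold, which keeps a page that merely echoes the URL
    # in text from being reported.
    matchers-condition: and
    matchers:
      # The supplied URL must come back verbatim inside a zero-delay
      # meta-refresh tag in the response body.
      - type: word
        part: body
        words:
          - '<meta http-equiv="refresh" content="0; URL=https://attacker.com">'

      # The redirect page itself is served with HTTP 200 (the redirect is done
      # client-side by the meta tag, not by a 3xx Location header).
      - type: status
        status:
          - 200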