
vBulletin <= 4.2.3 - SQL Injection

ID: CVE-2016-6195

Severity: critical

Author: MaStErChO

Tags: cve2016,cve,vbulletin,sqli,forum,edb

vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.

id: CVE-2016-6195
info:
  name: vBulletin <= 4.2.3 - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
  remediation: |
    Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
  reference:
    - https://www.cvedetails.com/cve/CVE-2016-6195/
    - https://www.exploit-db.com/exploits/38489
    - https://enumerated.wordpress.com/2016/07/11/1/
    - http://www.vbulletin.org/forum/showthread.php?t=322848
    - https://github.com/drewlong/vbully
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-6195
    cwe-id: CWE-89
    epss-score: 0.00284
    epss-percentile: 0.68612
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 6
    vendor: vbulletin
    product: vbulletin
    shodan-query:
      - title:"Powered By vBulletin"
      - http.html:"powered by vbulletin"
      - http.component:"vbulletin"
      - http.title:"powered by vbulletin"
      - cpe:"cpe:2.3:a:vbulletin:vbulletin"
    fofa-query:
      - body="powered by vbulletin"
      - title="powered by vbulletin"
    google-query:
      - intext:"powered by vbulletin"
      - intitle:"powered by vbulletin"
  tags: cve2016,cve,vbulletin,sqli,forum,edb
http:
  - method: GET
    path:
      - "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
    stop-at-first-match: true
    host-redirects: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "type=dberror"
      - type: status
        status:
          - 200
          - 503
        condition: or
# digest: 4a0a0047304502204e66203f021ac82aaa4ed05e2db9c04a56583ab756a71d06ace7fce353adbaec022100905cbfb28545482d5e6a7bc448b03745ba7f254298a5319035a7553d2a8defa7:922c64590222798bb761d5b6d8e72950

This template detects CVE-2016-6195 in vBulletin by requesting the forumrunner endpoint under several common install paths and matching a database error in the response. Run it with the Nuclei tool:

$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-6195.yaml"
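
For the defensive side, the same request shape can be searched for in web server access logs. The following is an added example, not part of the template or the Nuclei project: it flags requests to `forumrunner/request.php` with `cmd=get_spam_data` whose `postids` value is not a plain list of integers. The log lines are constructed, and the function name `find_probes` and the "comma-separated integers" rule for legitimate `postids` values are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Jul/2016:10:01:02 +0000] "GET /forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 503 512 "-" "-"
198.51.100.4 - - [11/Jul/2016:10:02:10 +0000] "GET /forumrunner/request.php?d=1&cmd=get_spam_data&postids=12,15,19 HTTP/1.1" 200 231 "-" "-"
198.51.100.9 - - [11/Jul/2016:10:03:44 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 9001 "-" "-"
203.0.113.7 - - [11/Jul/2016:10:04:00 +0000] "GET /vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 404 162 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: legitimate clients send postids as comma-separated integers.
BENIGN_POSTIDS = re.compile(r"\d+(,\d+)*")


def find_probes(log_text):
    """Return one dict per request that matches the template's probe shape."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        # Any install prefix (/forum, /vb, ...) ends in the same script path.
        if not url.path.lower().endswith("/forumrunner/request.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if query.get("cmd", [""])[0] != "get_spam_data":
            continue
        postids = query.get("postids", [""])[0]
        if BENIGN_POSTIDS.fullmatch(postids):
            continue
        # The template requires status 200 or 503 plus "type=dberror" in the body.
        # Bodies are not logged, so status only ranks the hit for triage.
        priority = "high" if status in ("200", "503") else "low"
        hits.append({"client": client, "path": url.path, "postids": postids,
                     "status": int(status), "priority": priority})
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A "high" hit means the server answered with one of the status codes the template accepts, so that host's vBulletin version should be checked against the 4.2.4 remediation first.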
