Exploit for vBulletin <= 4.2.3 - SQL Injection (CVE-2016-6195)

Description:

vBulletin versions 3.6.0 through 4.2.3 contain an SQL injection vulnerability in the forumrunner add-on of the vBulletin core. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.

Nuclei Template

View the template here: CVE-2016-6195.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-6195.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-6195
https://enumerated.wordpress.com/2016/07/11/1/
https://www.exploit-db.com/exploits/38489
http://www.vbulletin.org/forum/showthread.php?t=322848
https://github.com/drewlong/vbully
https://www.cvedetails.com/cve/CVE-2016-6195/