module
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
| Disclosed |
|---|
| 2020-03-12 |
Disclosed
2020-03-12
Description
This module exploits a SQL injection vulnerability found in vBulletin 5.6.1 and earlier
This module uses the getIndexableContent vulnerability to reset the administrators password,
it then uses the administrators login information to achieve RCE on the target. This module
has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux distribution.
This module uses the getIndexableContent vulnerability to reset the administrators password,
it then uses the administrators login information to achieve RCE on the target. This module
has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux distribution.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.