vBulletin SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1771911 漏洞类型 SQL注入
发布时间 2019-10-08 更新时间 2019-10-17
CVE编号 CVE-2019-17271 CNNVD-ID CNNVD-201910-286
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019100043
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201910-286
|漏洞详情
vBulletin是美国InternetBrands和vBulletinSolutions公司的一款基于PHP和MySQL的开源Web论坛程序。 vBulletin 5.5.4版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
|漏洞EXP
----------------------------------------------------
vBulletin <= 5.5.4 Two SQL Injection Vulnerabilities
----------------------------------------------------


[-] Software Link:

https://www.vbulletin.com/


[-] Affected Versions:

Version 5.5.4 and prior versions.


[-] Vulnerabilities Description:

1) User input passed through keys of the "where" parameter to
the "ajax/api/hook/getHookList" endpoint is not properly validated
before being used in an SQL query. This can be exploited to e.g.
read sensitive data from the database through in-band SQL injection
attacks. Successful exploitation of this vulnerability requires an
user account with the "canadminproducts" or "canadminstyles" permission.

2) User input passed through keys of the "where" parameter to
the "ajax/api/widget/getWidgetList" endpoint is not properly validated
before being used in an SQL query. This can be exploited to e.g.
read sensitive data from the database through time-based SQL injection
attacks. Successful exploitation of this vulnerability requires an
user account with the "canusesitebuilder" permission.


[-] Solution:

Apply the vendor Security Patch Level 2 or upgrade to version 5.5.5 or 
later.


[-] Disclosure Timeline:

[30/09/2019] - Vendor notified
[03/10/2019] - Patch released: https://bit.ly/2OptAzI
[07/10/2019] - CVE number assigned
[07/10/2019] - Public disclosure


[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-17271 to these vulnerabilities.


[-] Credits:

Vulnerability discovered by Egidio Romano.


[-] Original Advisory:

http://karmainsecurity.com/KIS-2019-01



|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html