nuclei-templates/http/cves/2023/CVE-2023-4168.yaml

42 lines
1.6 KiB
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: CVE-2023-4168
info:
name: Adlisting Classified Ads 2.14.0 - Information Disclosure
author: r3Y3r53
severity: high
description: |
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
reference:
- https://www.exploit-db.com/exploits/51667
- https://templatecookie.com/demo/adlisting-classified-ads-script
- https://nvd.nist.gov/vuln/detail/CVE-2023-4168
- https://vuldb.com/?ctiid.236184
- https://vuldb.com/?id.236184
2023-10-17 07:20:28 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-4168
cwe-id: CWE-200,NVD-CWE-noinfo
epss-score: 0.12454
epss-percentile: 0.95296
cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
2023-10-17 07:20:28 +00:00
metadata:
verified: true
max-request: 1
vendor: templatecookie
product: adlisting
2023-12-05 09:50:33 +00:00
tags: cve,cve2023,adlisting,exposure,templatecookie
2023-10-17 07:20:28 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
condition: and
# digest: 4b0a00483046022100a28b3fde66ec316e5d35e1bf44412d58add66c90225ea0a9fa425fc2828d6f47022100907ceb1d8aa34797e99ee9cc6bc997a324aecc9e2dfd80ee8824de4f81b07ffd:922c64590222798bb761d5b6d8e72950