2023-10-17 07:20:28 +00:00
id: CVE-2023-4168

info:
  name: Adlisting Classified Ads 2.14.0 - Information Disclosure
  author: r3Y3r53
  severity: high
  description: |
    Information disclosure issue in the redirect responses. When accessing any page on the website, sensitive data, such as API keys, server keys, and app IDs, is exposed in the body of these redirects.
  reference:
    - https://www.exploit-db.com/exploits/51667
    - https://templatecookie.com/demo/adlisting-classified-ads-script
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4168
    - https://vuldb.com/?ctiid.236184
    - https://vuldb.com/?id.236184
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-4168
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.12454
    epss-percentile: 0.95296
    cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: templatecookie
    product: adlisting
  tags: cve,cve2023,adlisting,exposure,templatecookie

http:
  - method: GET
    path:
      - "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="

    # All three expressions must hold: a 200 response, an HTML content type,
    # and all three configuration key names present in the response body.
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
        condition: and
# digest: 4b0a00483046022100a28b3fde66ec316e5d35e1bf44412d58add66c90225ea0a9fa425fc2828d6f47022100907ceb1d8aa34797e99ee9cc6bc997a324aecc9e2dfd80ee8824de4f81b07ffd:922c64590222798bb761d5b6d8e72950