daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-22897.yaml

patch-2
Ritik Chaddha 2024-05-16 17:01:52 +05:30 committed by GitHub
parent af2f5ade84
commit 376015ed53
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
http/cves/2022/CVE-2022-22897.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2022-22897
info:
name: PrestaShop Ap Pagebuilder <= 2.4.4 SQL Injection
name: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
author: mastercho
severity: critical
description: |
@ -60,14 +60,8 @@ http:
X-Requested-With: XMLHttpRequest
leoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6643=6644-- yMwI
extractors:
- type: regex
name: version
part: body_1
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
matchers-condition: or
matchers:
- type: dsl
name: time-based
@ -76,7 +70,6 @@ http:
- 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
condition: and
- type: dsl
name: blind-based
dsl:
@ -84,4 +77,13 @@ http:
- 'contains(body_3, "content") && contains(body_3, "{{Hostname}}")'
- '!contains(body_4, "content") && !contains(body_4, "{{Hostname}}")'
- 'len(body_3) > 200 && len(body_4) <= 22'
condition: and
condition: and
extractors:
- type: regex
name: version
part: body_1
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"