From c36a419cacd976f177da9a4add1015911522cdcc Mon Sep 17 00:00:00 2001 From: meme-lord Date: Fri, 8 Sep 2023 12:30:28 +0100 Subject: [PATCH 1/3] added myprestamodules phpinfo template --- http/cves/2023/CVE-2023-39677.yaml | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 http/cves/2023/CVE-2023-39677.yaml diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml new file mode 100644 index 0000000000..5257c10d3e --- /dev/null +++ b/http/cves/2023/CVE-2023-39677.yaml @@ -0,0 +1,35 @@ +id: CVE-2023-39677 +info: + name: PrestaShop MyPrestaModules PHPInfo + author: meme-lord + severity: low + description: PrestaShop modules by MyPrestaModules expose PHPInfo + reference: + - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ + tags: cve,cve2023,prestashop,phpinfo + +http: + - method: GET + path: + - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1" + - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "PHP Extension" + - "PHP Version" + condition: and + + extractors: + - type: regex + part: body + group: 1 + regex: + - '>PHP Version <\/td>([0-9.]+)' From d888ca0d4b48b38c9329f8187b953debde25e14e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 11 Sep 2023 12:27:02 +0530 Subject: [PATCH 2/3] Update CVE-2023-39677.yaml --- http/cves/2023/CVE-2023-39677.yaml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml index 5257c10d3e..a95a85b014 100644 --- a/http/cves/2023/CVE-2023-39677.yaml +++ b/http/cves/2023/CVE-2023-39677.yaml @@ -1,12 +1,17 @@ id: CVE-2023-39677 + info: - name: PrestaShop MyPrestaModules PHPInfo + name: PrestaShop MyPrestaModules PHPInfo - Disclosure author: meme-lord severity: low description: PrestaShop modules by MyPrestaModules expose PHPInfo reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ - tags: cve,cve2023,prestashop,phpinfo + metadata: + max-request: 1 + shodan-query: http.component:"PrestaShop" + verified: "true" + tags: cve,cve2023,prestashop,phpinfo,disclosure http: - method: GET @@ -16,10 +21,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -27,6 +28,10 @@ http: - "PHP Version" condition: and + - type: status + status: + - 200 + extractors: - type: regex part: body From 89683e2c2b10ba191831981cc7458d810153293f Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Fri, 15 Sep 2023 22:24:13 +0530 Subject: [PATCH 3/3] info update --- http/cves/2023/CVE-2023-39677.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml index a95a85b014..d92f5e9e04 100644 --- a/http/cves/2023/CVE-2023-39677.yaml +++ b/http/cves/2023/CVE-2023-39677.yaml @@ -1,16 +1,18 @@ id: CVE-2023-39677 info: - name: PrestaShop MyPrestaModules PHPInfo - Disclosure + name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: low - description: PrestaShop modules by MyPrestaModules expose PHPInfo + description: | + PrestaShop modules by MyPrestaModules expose PHPInfo reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ + - https://cve.report/CVE-2023-39677 metadata: max-request: 1 + verified: true shodan-query: http.component:"PrestaShop" - verified: "true" tags: cve,cve2023,prestashop,phpinfo,disclosure http: