Merge pull request #8178 from meme-lord/phpinfo_template

Added template for CVE-2023-39677 MyPrestaModules PHPInfo
2023-09-15 22:32:31 +05:30 · 2023-09-15 22:32:31 +05:30 · 8f3dfab992
parent 9395164f8e 89683e2c2b
commit 8f3dfab992
1 changed files with 42 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-39677.yaml
+++ b/http/cves/2023/CVE-2023-39677.yaml
@ -0,0 +1,42 @@
+id: CVE-2023-39677
+
+info:
+  name: PrestaShop MyPrestaModules - PhpInfo Disclosure
+  author: meme-lord
+  severity: low
+  description: |
+    PrestaShop modules by MyPrestaModules expose PHPInfo
+  reference:
+    - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/
+    - https://cve.report/CVE-2023-39677
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: http.component:"PrestaShop"
+  tags: cve,cve2023,prestashop,phpinfo,disclosure
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1"
+      - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '>PHP Version <\/td><td class="v">([0-9.]+)'